List Archive: gentoo-security
MA wrote:
> When an exploit is found and everybody uses reject, more computers can be
> scanned for the exploitable program/service in the same time... I don't
> see why we should make it easy for the script kids...
As shown, that's no advantage. One could generate many, many parallel ICMPs
and wait for the one timeout period. Quite the opposite of your
proposition is true: Ident, e.g., helps you to identify the "bad guys" in
your network - supposing you have a properly configured network. DENY for
ident renders such information useless, because DENIED packets won't get
logged anymore. So - one could even say you're going to protect the "bad
From a more or less "psychological point of view" it's even worse
concerning the traffic load: the curious "bad guy" would try to go on. So
it's better to explicitly tell him to go away.
mental floss prevents moral decay