Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Andreas Waschbuesch <awaschb@...>
Subject: Re: firewall suggestions?
Date: Thu, 8 Jan 2004 16:07:05 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

epistula illius MA profluit verbis:
> When an exploit is found and everybody use reject more computers can be
> scanned for the exploitable program/service in the same time... I don't
> see why we should make it easy for the script kids...
> [...]


As shown that's no advantage. One could generate many, many parallel ICMPs 
and wait for the one timeout period. Quite the opposite of Your 
proposition is true: Ident eg. helps You to identify the "bad guys" in 
Your network - supposed You got a propperly configured network. DENY for 
ident renders such information useless, because DENIED packets won't get 
logged anymore. So - one could even say You're going to protect the "bad 
guys".

- From a more or less "psychological point of view" it's even worse 
concerning the traffic load: the curious "bad guy" would try to go on. So 
it's better to explicitly tell him to go away. 

- -- 
mental floss prevents moral decay
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE//XIZwGaWYjpgASMRAs41AKCsOUY0sllFBTmLIrYi9ZxgSH5viACcDyYv
ogd9opzM8Upwwp8BdjaDmJk=
=ogTH
-----END PGP SIGNATURE-----

--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Mark Hurst
References:
RE: firewall suggestions?
-- MA
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
RE: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
RE: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.