1 |
Am Mittwoch, 7. Januar 2004 23:05 schrieb mir Mark Hurst: |
2 |
> It's much better to have a firewall than just have ports not open. Even |
3 |
> though a port is not open it can reveal the presence of your machine by |
4 |
> the manner in which the IP stack responds to a connection attempt. |
5 |
> Using a firewall you can drop those packets, making all your closed |
6 |
> ports invisible. |
7 |
|
8 |
If you want to invisible, the next router to you have to send an ICMP |
9 |
packet with "host unreachable". If you say nothing anybody with some |
10 |
brain between his ears knows there is a very intelligent guy that want to |
11 |
be invisible. |
12 |
|
13 |
mfg |
14 |
Oli |
15 |
|
16 |
-- |
17 |
gentoo-security@g.o mailing list |