| 1 |
Am Mittwoch, 7. Januar 2004 23:05 schrieb mir Mark Hurst: |
| 2 |
> It's much better to have a firewall than just have ports not open. Even |
| 3 |
> though a port is not open it can reveal the presence of your machine by |
| 4 |
> the manner in which the IP stack responds to a connection attempt. |
| 5 |
> Using a firewall you can drop those packets, making all your closed |
| 6 |
> ports invisible. |
| 7 |
|
| 8 |
If you want to invisible, the next router to you have to send an ICMP |
| 9 |
packet with "host unreachable". If you say nothing anybody with some |
| 10 |
brain between his ears knows there is a very intelligent guy that want to |
| 11 |
be invisible. |
| 12 |
|
| 13 |
mfg |
| 14 |
Oli |
| 15 |
|
| 16 |
-- |
| 17 |
gentoo-security@g.o mailing list |
Archives