Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: Daniel Privratsky <dsokrates@...>, gentoo-security@g.o
From: Oliver Schad <o.schad@...>
Subject: Re: firewall suggestions?
Date: Thu, 8 Jan 2004 20:48:40 +0100
Am Donnerstag, 8. Januar 2004 18:57 schrieb mir Daniel Privratsky:
> Wrong.
>
> 1) If you don't receive "destination unreachable" packet, you know
> nothing about the target host yet. This is not perfect-network world.
> There can be other fw/router anywhere in the way, killing this type of
> icmp traffic.
>
> 2) It slows scans a lot. You can of course do scannig in parallel, but
> don't be surprised, when you find yourself killed with no mercy by IDS,
> after matching SYN threshold. 1000+ syns/sec form IP adress to
> monitored system is sure ban.

What the fuck...
I don't understand this, we want to break internet standards because some 
script kids could be (under some circumstances) a little bit slower with 
their attacks, which can only be successful, when an administrator is too 
stupid to configure his systems. Is that the argumentation for breaking 
internet standards?

*argh*

mfg
Oli

--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Daniel Privratsky
References:
firewall suggestions?
-- Pooh Sun Tzu
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Daniel Privratsky
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.