Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: "Thomas T. Veldhouse" <veldy@...>
From: Alexander Schreiber <als@...>
Subject: Re: firewall suggestions?
Date: Thu, 8 Jan 2004 19:08:10 +0100
On Thu, Jan 08, 2004 at 08:16:24AM -0600, Thomas T. Veldhouse wrote:
> Oliver Schad wrote:
> > 
> > That's right. But no answer means there is somebody who doesn't
> > answer. Only if the last router before the target says "Hey, there is
> > nobody", then there is nobody (or there is an really intelligent guy,
> > that wants to hide his host).
> > 
> > To hide a host is always very stupid, why should you do this? There
> > is no advantage.  If you "hide" your computer an attacker knows there
> > is an stupid guy who doesn't know anything about network security.
> > 
> > mfg
> > Oli
> 
> One reason ... it slows down various scans.

Only for very primitive scanners. And it tends to fuck with debugging
network problems ("hmm, packets disappear into a black hole, not even a
TCP reject, but customer tells me the machine is up and connected ...
maybe wrong IP configuration ...").

Using DROP instead of REJECT is almost always a very bad idea and seeing
it done usually implies and imcompetent admin.

Regards,
      Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison

--
gentoo-security@g.o mailing list

References:
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Thomas T. Veldhouse
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.