-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

epistula illius Thomas T. Veldhouse profluit verbis:
> Oliver Schad wrote:
> > [scans are'nt dangerous - so reject]
>
> True, but if you do happen to have an exploitable service (i.e. the brk
> issue with the linux kernel and rsync recently), a script kiddie might
> grow tired of waiting for scan results from your network and go
> elsewhere. Certainly slowing down potential hackers buys time and
> frustration for the attacker if nothing else.  The assumption that all
> potential attackers are experts is not a good one.

And seduction got absolutely nothing to do with security. It's a simple 
boolean: either Your system is secure (in terms of human calculation[*]) 
or it's not. There is no enhanced or "partial" security ...

And once again: From a more or less "psychological point of view" it's 
even worse concerning the traffic load: the curious "bad guy" would try 
to go on. So it's better to explicitly tell him to go away.

[*] "secure" means:  You have to invest more effort into breaking into the 
system than you can expect to gain from it.

- -- 
If you don't have a nasty obituary you probably didn't matter.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE//YMwwGaWYjpgASMRAl/WAKCeKLpkaa21rdgDaCSz/L2Wex/n1gCgsbSs
LFKxocfBcw0KM83fxEMw+rI=
=SKyG
-----END PGP SIGNATURE-----

--
gentoo-security@g.o mailing list