Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-security@g.o
From: Michael Milverton <camel77@...>
Subject: Re: firewall suggestions?
Date: Thu, 08 Jan 2004 22:52:41 +0800
Okay, many people believe that to hide your computer is good, it is what
many Internet security sites say. Could you elaborate on why it isn't
good to try to hide your computer.

On Thu, 2004-01-08 at 20:27, Oliver Schad wrote:
> Am Donnerstag, 8. Januar 2004 13:06 schrieb mir gonzalo:
> > 1/8/04 8:50 AM, Oliver Schad escribio:
> > > Am Mittwoch, 7. Januar 2004 23:05 schrieb mir Mark Hurst:
> > >> It's much better to have a firewall than just have ports not open.
> > >> Even though a port is not open it can reveal the presence of your
> > >> machine by the manner in which the IP stack responds to a connection
> > >> attempt. Using a firewall you can drop those packets, making all
> > >> your closed ports invisible.
> > >
> > > If you want to invisible, the next router to you have to send an ICMP
> > > packet with "host unreachable". If you say nothing anybody with some
> > > brain between his ears knows there is a very intelligent guy that
> > > want to be invisible.
> >
> > AFAIK they appear as "filtered",that's the difference between a closed
> > and a filtered port. The first responds with a "negative", the second
> > doesn't respond. Am I wrong?
> That's right. But no answer means there is somebody who doesn't answer. 
> Only if the last router before the target says "Hey, there is nobody", 
> then there is nobody (or there is an really intelligent guy, that wants 
> to hide his host).
> To hide a host is always very stupid, why should you do this? There is no 
> advantage.  If you "hide" your computer an attacker knows there is an 
> stupid guy who doesn't know anything about network security.
> mfg
> Oli
> --
> gentoo-security@g.o mailing list
signature.asc (This is a digitally signed message part)
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Oliver Schad
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
RE: firewall suggestions?

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.