To: gentoo-security@g.o
From: Daniel Privratsky <dsokrates@...>
Subject: Re: firewall suggestions?
Date: Thu, 08 Jan 2004 19:58:04 +0100
Alexander Schreiber wrote:
> On Thu, Jan 08, 2004 at 06:57:28PM +0100, Daniel Privratsky wrote:
> 
>>Wrong.
>>
>>1) If you don't receive a "destination unreachable" packet, you know
>>nothing about the target host yet. This is not a perfect-network world.
>>There can be another fw/router anywhere in the way, killing this type of
>>icmp traffic.
>>
>>2) It slows scans a lot.
> 
> 
> Only for people too stupid for doing port scans (a rare defect even
> among script kiddies).

Hmmm, a little schizophrenic situation. Are we talking about a mass scan 
seeking live systems in some IP space or a directed attack on your 
specific system?
For the first scenario it is some useful protection. No response still 
means the system is down; the attacker will hardly waste time on a detailed investigation.
For the second scenario, it's useful too. Timeout waiting will slow him 
down.

> 
> 
>>You can of course do scanning in parallel, but
>>don't be surprised when you find yourself killed with no mercy by IDS,
>>after matching SYN threshold. 1000+ syns/sec from one IP address to a monitored
>>system is a sure ban.
> 
> 
> Cool. Your IDS just banned the IPs of your customers' mail-, web- and
> proxy-servers. Spoofing IP addresses just to mess with such automatic
> systems is easy.
Nonsense. Such an active-response IDS is primarily site protection. It 
detects incoming SYNs, not outgoing.

Regards

Dan
> 
> Regards,
>        Alex.
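As an added illustration (not code from this thread or from any Gentoo project), here is a small Python detector for the per-source SYN threshold the messages above argue about, run over constructed log lines. The log-line format, the addresses and the allowlist are assumptions; the allowlist is one defensive answer to the spoofing concern raised in the quoted reply, since a threshold keyed only on source address will block whatever address appears in the packets.

```python
import re
from collections import defaultdict

# Assumed log-line format (constructed for this example, loosely modelled on
# netfilter LOG output): epoch seconds, SRC=, DST=, DPT=, then TCP flag names.
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) SRC=(?P<src>[\d.]+) DST=[\d.]+ DPT=\d+ (?P<flags>[A-Z ]+)$")

SYN_THRESHOLD_PER_SEC = 1000  # the figure quoted in the thread: 1000+ syns/sec


def syn_rates(lines):
    """Count SYN-only segments per (source address, whole second).
    SYN without ACK is an incoming connection attempt at the monitored host;
    SYN+ACK replies to the host's own outgoing connections are not counted."""
    counts = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        flags = m.group("flags").split()
        if "SYN" in flags and "ACK" not in flags:
            counts[(m.group("src"), int(float(m.group("ts"))))] += 1
    return counts


def sources_to_ban(lines, threshold=SYN_THRESHOLD_PER_SEC, allowlist=frozenset()):
    """Return (banned, protected): sources whose SYN rate reached the threshold
    in any single second. Allowlisted addresses (your own mail, web and proxy
    servers, whose addresses could be spoofed to get them blocked) are
    reported for a human to look at instead of being banned automatically."""
    banned, protected = set(), set()
    for (src, _sec), n in syn_rates(lines).items():
        if n >= threshold:
            (protected if src in allowlist else banned).add(src)
    return banned, protected


def make_lines(src, count, second, flags="SYN"):
    """Construct `count` sample log lines from `src` within one second."""
    return [f"{second}.{i:06d} SRC={src} DST=192.0.2.10 DPT=80 {flags}"
            for i in range(count)]


if __name__ == "__main__":
    log = (make_lines("203.0.113.7", 1200, 1073588284)            # scan-like burst
           + make_lines("198.51.100.5", 1200, 1073588284)         # spoofed as the mail relay
           + make_lines("192.0.2.77", 30, 1073588284)             # ordinary client
           + make_lines("203.0.113.9", 1200, 1073588284, "SYN ACK"))  # replies, not attempts
    print(sources_to_ban(log, allowlist={"198.51.100.5"}))
```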