Gentoo Archives: gentoo-security

From: Mark Hurst <mark@××××××.net>
To: Andreas Waschbuesch <awaschb@××××.de>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 06:34:01
In Reply to: Re: [gentoo-security] firewall suggestions? by Andreas Waschbuesch
> > When an exploit is found and everybody use reject more computers can > > be scanned for the exploitable program/service in the same time... I > > don't see why we should make it easy for the script kids... > > As shown that's no advantage. One could generate many, many parallel > ICMPs and wait for the one timeout period. Quite the opposite of Your > proposition is true: Ident eg. helps You to identify the "bad guys" in > Your network - supposed You got a propperly configured network. DENY for > ident renders such information useless, because DENIED packets won't get > logged anymore. So - one could even say You're going to protect the "bad > guys".
Then why do people run tarpits? The scanner has limited outgoing resources, having to wait for a timeout reduces the amount of ports they can scan in a specific timeframe. Whether or not you run an ident server and allow access to it is another matter. And what's to stop you logging dropped packets? regards -- gentoo-security@g.o mailing list