Gentoo Archives: gentoo-security

From: Andreas Waschbuesch <awaschb@××××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 15:23:54
In Reply to: RE: [gentoo-security] firewall suggestions? by MA

MA's message flowed forth with these words:
> When an exploit is found and everybody uses reject, more computers can be
> scanned for the exploitable program/service in the same time... I don't
> see why we should make it easy for the script kids...
> [...]
As shown, that's no advantage. One could generate many, many parallel ICMPs and wait for the one timeout period.

Quite the opposite of your proposition is true: ident, e.g., helps you to identify the "bad guys" in your network, supposing you have a properly configured network. DENY for ident renders such information useless, because DENIED packets won't get logged anymore. So one could even say you're going to protect the "bad guys".

From a more or less "psychological point of view" it's even worse concerning the traffic load: the curious "bad guy" would try to go on. So it's better to explicitly tell him to go away.

-- 
mental floss prevents moral decay
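The logged-reject approach argued for above, as an added shell example that is not from the original message or the gentoo-security list: it prints (and, only when asked, applies) iptables rules that log ident probes on TCP port 113 and answer them with an explicit TCP reset, next to the silent DROP alternative for comparison. The interface name, log prefix and rate limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the iptables rules for
# the "log it, then explicitly reject it" policy on ident (TCP 113).
# Assumptions: LAN_IF, LOG_PREFIX and the 5/min rate limit are illustrative.
# iptables is only executed when APPLY=1 is set; otherwise rules are printed.

LAN_IF="${LAN_IF:-eth0}"                  # assumed interface name
LOG_PREFIX="${LOG_PREFIX:-ident-probe: }" # assumed syslog prefix

# ident_rules prints the two rules, one per line, so they can be reviewed
# before being applied: first log new ident connections (rate limited so a
# parallel scan cannot flood syslog), then answer them with a TCP RST.
ident_rules() {
    printf '%s\n' \
      "iptables -A INPUT -i $LAN_IF -p tcp --dport 113 -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix \"$LOG_PREFIX\"" \
      "iptables -A INPUT -i $LAN_IF -p tcp --dport 113 -j REJECT --reject-with tcp-reset"
}

# drop_rule prints the silent-DROP alternative the post argues against.
drop_rule() {
    printf '%s\n' "iptables -A INPUT -i $LAN_IF -p tcp --dport 113 -j DROP"
}

# apply_rules evaluates each rule when APPLY=1, otherwise echoes it (dry run).
apply_rules() {
    ident_rules | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            eval "$rule"
        else
            echo "$rule"
        fi
    done
}

echo "# reject-with-logging policy:"
apply_rules
echo "# silent-drop alternative:"
drop_rule
```

Run it without arguments to review the rules; set `APPLY=1` (as root) to install them. The rate-limited LOG rule is placed before the REJECT so the probe is recorded and then answered with a reset rather than left to time out.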


Replies in this thread:
Re: [gentoo-security] firewall suggestions? by Mark Hurst <mark@××××××.net>