Gentoo Archives: gentoo-security

From: Alexander Schreiber <als@××××××××××××.de>
To: Daniel Privratsky <dsokrates@××××××.cz>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 18:40:12
In Reply to: Re: [gentoo-security] firewall suggestions? by Daniel Privratsky
On Thu, Jan 08, 2004 at 06:57:28PM +0100, Daniel Privratsky wrote:
> Wrong.
>
> 1) If you don't receive "destination unreachable" packet, you know
> nothing about the target host yet. This is not perfect-network world.
> There can be other fw/router anywhere in the way, killing this type of
> icmp traffic.
>
> 2) It slows scans a lot.
Only for people too stupid for doing port scans (a rare defect even among script kiddies).
> You can of course do scanning in parallel, but
> don't be surprised when you find yourself killed with no mercy by IDS
> after matching SYN threshold. 1000+ SYNs/sec from IP address to monitored
> system is sure ban.
Cool. Your IDS just banned the IPs of your customers' mail, web and proxy servers. Spoofing IP addresses just to mess with such automatic systems is easy.

Regards,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and looks like work." -- Thomas A. Edison

--
gentoo-security@g.o mailing list
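The exchange above turns on a detection-engineering point: a SYN-rate threshold that bans the source address outright can be turned against the defender, because a burst carrying a spoofed source address gets the spoofed host banned. The following is an added example, not code from this thread or from any IDS product. It models the "1000+ SYNs/sec from one address gets banned" rule over constructed connection-log lines (format `<epoch-second> <src> <dst> <tcp-flags>` is an assumption), then shows the two controls a defender would add: a never-ban list for the site's own mail, web and proxy servers (alert instead of block), and a bounded ban lifetime instead of a permanent ban. All addresses are from the RFC 5737 documentation ranges and are constructed for the example.

```python
"""Threshold-based SYN auto-ban with a never-ban list and ban expiry.

Added example for the gentoo-security thread; not an IDS's real code.
Log line format (assumed): "<epoch-second> <src> <dst> <tcp-flags>".
"""
from collections import defaultdict
from dataclasses import dataclass, field

SYN_THRESHOLD_PER_SEC = 1000   # the "1000+ SYNs/sec" figure quoted in the thread
BAN_SECONDS = 600              # assumed: bans expire instead of being permanent

# Constructed: the customer's own mail, web and proxy server addresses.
# These must never be blocked automatically, whatever the SYN rate looks like,
# because the source address of a SYN is trivially spoofable.
NEVER_BAN = frozenset({"192.0.2.25", "192.0.2.80", "192.0.2.8"})


@dataclass
class AutoBan:
    threshold: int = SYN_THRESHOLD_PER_SEC
    ban_seconds: int = BAN_SECONDS
    never_ban: frozenset = frozenset()
    # (src, second) -> number of pure SYNs seen in that second
    syn_counts: dict = field(default_factory=lambda: defaultdict(int))
    banned_until: dict = field(default_factory=dict)   # src -> expiry second
    suppressed: set = field(default_factory=set)       # over-threshold but exempt

    def observe(self, ts: int, src: str, flags: str) -> None:
        """Count one packet; only pure SYNs (no ACK) count toward the rate."""
        if flags != "S":
            return
        key = (src, ts)
        self.syn_counts[key] += 1
        if self.syn_counts[key] < self.threshold:
            return
        if src in self.never_ban:
            # Alert for a human, never block: a spoofed burst must not be able
            # to take the site's own servers off the air.
            self.suppressed.add(src)
        elif src not in self.banned_until:
            self.banned_until[src] = ts + self.ban_seconds

    def observe_line(self, line: str) -> None:
        ts, src, _dst, flags = line.split()
        self.observe(int(ts), src, flags)

    def is_banned(self, src: str, now: int) -> bool:
        """A ban is only effective until its expiry second."""
        return self.banned_until.get(src, 0) > now


def make_burst(src: str, count: int, second: int) -> list:
    """Constructed log lines: `count` pure SYNs from `src` within one second."""
    return [f"{second} {src} 198.51.100.10 S" for _ in range(count)]


def run(lines, never_ban=frozenset()) -> AutoBan:
    det = AutoBan(never_ban=frozenset(never_ban))
    for line in lines:
        det.observe_line(line)
    return det


def demo() -> dict:
    # Constructed traffic: one burst claims to come from the mail server's
    # address (spoofed, as the thread describes), one from an unrelated host,
    # and a small amount of normal traffic that stays under the threshold.
    lines = (make_burst("192.0.2.25", 1200, 1000)
             + make_burst("203.0.113.7", 1200, 1000)
             + make_burst("198.51.100.5", 50, 1000))
    naive = run(lines)                       # bans on threshold alone
    guarded = run(lines, never_ban=NEVER_BAN)  # same rule plus the exemption
    return {
        "naive_banned": sorted(naive.banned_until),
        "guarded_banned": sorted(guarded.banned_until),
        "guarded_suppressed": sorted(guarded.suppressed),
        "still_banned_at_1500": guarded.is_banned("203.0.113.7", 1500),
        "still_banned_at_1700": guarded.is_banned("203.0.113.7", 1700),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The naive run bans the mail server's address on the strength of packets whose source field nobody verified; the guarded run raises an alert for it but blocks only the unexempted source, and that block lapses after `BAN_SECONDS`. The exemption list and the expiry are what keep an automatic response from becoming a self-inflicted outage of the kind the reply describes.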

