When an exploit is found and everybody uses reject, more computers can be
scanned for the exploitable program/service in the same time... I don't
see why we should make it easy for the script kids...
I want to use pf for my Gentoo box as for my OpenBSD box :(
> -----Original Message-----
> From: Oliver Schad [mailto:o.schad@×××.de]
> Sent: 8 January 2004 15:25
> To: email@example.com
> Subject: Re: [gentoo-security] firewall suggestions?
> On Thursday, 8 January 2004 15:16, Thomas T. Veldhouse wrote to me:
> > Oliver Schad wrote:
> > > That's right. But no answer means there is somebody who doesn't
> > > answer. Only if the last router before the target says "Hey, there is
> > > nobody", then there is nobody (or there is a really intelligent guy,
> > > that wants to hide his host).
> > >
> > > To hide a host is always very stupid, why should you do this? There
> > > is no advantage. If you "hide" your computer an attacker knows there
> > > is a stupid guy who doesn't know anything about network security.
> > >
> > > Kind regards
> > > Oli
> > One reason ... it slows down various scans.
> Not really. And why should a network scan be dangerous? Security by
> obscurity doesn't work. You can scan a well configured host all day long,
> who cares?