| 1 |
When an exploit is found and everybody use reject more computers can be |
| 2 |
scanned for the exploitable program/service in the same time... I don't |
| 3 |
see why we should make it easy for the script kids... |
| 4 |
|
| 5 |
I want to use pf for my gentoo box as for my openbsd box :( |
| 6 |
|
| 7 |
> -----Original Message----- |
| 8 |
> From: Oliver Schad [mailto:o.schad@×××.de] |
| 9 |
> Sent: den 8 januari 2004 15:25 |
| 10 |
> To: gentoo-security@l.g.o |
| 11 |
> Subject: Re: [gentoo-security] firewall suggestions? |
| 12 |
> |
| 13 |
> Am Donnerstag, 8. Januar 2004 15:16 schrieb mir Thomas T. Veldhouse: |
| 14 |
> > Oliver Schad wrote: |
| 15 |
> > > That's right. But no answer means there is somebody who doesn't |
| 16 |
> > > answer. Only if the last router before the target says "Hey, there is |
| 17 |
> > > nobody", then there is nobody (or there is an really intelligent guy, |
| 18 |
> > > that wants to hide his host). |
| 19 |
> > > |
| 20 |
> > > To hide a host is always very stupid, why should you do this? There |
| 21 |
> > > is no advantage. If you "hide" your computer an attacker knows there |
| 22 |
> > > is an stupid guy who doesn't know anything about network security. |
| 23 |
> > > |
| 24 |
> > > mfg |
| 25 |
> > > Oli |
| 26 |
> > |
| 27 |
> > One reason ... it slows down various scans. |
| 28 |
> |
| 29 |
> Not really. And why should a network scan be dangerous? Security by |
| 30 |
> obscurity doesn't work. You can scan a well configured host all day long, |
| 31 |
> who cares? |
| 32 |
> |
| 33 |
> mfg |
| 34 |
> Oli |
| 35 |
> |
| 36 |
> -- |
| 37 |
> gentoo-security@g.o mailing list |
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
gentoo-security@g.o mailing list |
Archives