Gentoo Archives: gentoo-security

From: Alexander Schreiber <als@××××××××××××.de>
To: "Thomas T. Veldhouse" <veldy@×××××.net>
Cc: Oliver Schad <o.schad@×××.de>, gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 18:23:37
In Reply to: Re: [gentoo-security] firewall suggestions? by "Thomas T. Veldhouse"
On Thu, Jan 08, 2004 at 08:16:24AM -0600, Thomas T. Veldhouse wrote:
> Oliver Schad wrote:
> >
> > That's right. But no answer means there is somebody who doesn't
> > answer. Only if the last router before the target says "Hey, there is
> > nobody", then there is nobody (or there is a really intelligent guy
> > that wants to hide his host).
> >
> > To hide a host is always very stupid, why should you do this? There
> > is no advantage. If you "hide" your computer an attacker knows there
> > is a stupid guy who doesn't know anything about network security.
> >
> > mfg
> > Oli
>
> One reason ... it slows down various scans.
Only for very primitive scanners. And it tends to fuck with debugging network problems ("hmm, packets disappear into a black hole, not even a TCP reject, but customer tells me the machine is up and connected ... maybe wrong IP configuration ..."). Using DROP instead of REJECT is almost always a very bad idea and seeing it done usually implies an incompetent admin.

Regards,
       Alex.

-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                   -- Thomas A. Edison

--
gentoo-security@g.o mailing list
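The difference the thread is arguing about is what a client (or scanner) observes when it hits a DROP rule versus a REJECT rule. The following is an added example, not code from the list or from any Gentoo project: a minimal connect()-style probe that classifies a port the way a scanner or a troubleshooting admin would see it, demonstrated against a real listener and a released port on 127.0.0.1 (both constructed locally so it runs offline). The iptables rules named in the comments are assumed for illustration; the script does not install or require them.

```python
import socket
import time

# Assumed (hypothetical) firewall rules that this probe tells apart:
#   iptables -A INPUT -p tcp --dport 8080 -j DROP
#   iptables -A INPUT -p tcp --dport 8080 -j REJECT --reject-with tcp-reset
# DROP discards the SYN silently, so the client sits in its retry/timeout
# loop; REJECT answers with a RST (or an ICMP unreachable), so the client
# fails at once and the admin sees a definite "closed" instead of a black hole.


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify host:port as a TCP connect() scanner would report it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"  # SYN/ACK came back: something is listening
    except ConnectionRefusedError:
        return "closed"  # RST came back: host is up, port not listening (or REJECT)
    except socket.timeout:
        return "filtered"  # total silence: DROP rule, dead host, or wrong IP
    except OSError as exc:
        # ICMP unreachable / no route etc.; still a positive signal, not a black hole
        return f"unreachable (errno {exc.errno})"
    finally:
        s.close()


def timed_probe(host: str, port: int, timeout: float = 2.0):
    """Return (classification, seconds) so the latency cost of DROP is visible."""
    start = time.monotonic()
    result = probe(host, port, timeout)
    return result, time.monotonic() - start


def run_demo() -> dict:
    """Constructed local scenario: one listening port and one released port."""
    # "open": a real listener on a kernel-chosen port (never accepted; the
    # backlog completes the handshake for us).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # "closed": bind a second ephemeral port and release it, so the kernel
    # answers a SYN there with a RST, exactly like a REJECT --reject-with tcp-reset.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        results = {
            "open": timed_probe("127.0.0.1", open_port),
            "closed": timed_probe("127.0.0.1", closed_port),
        }
    finally:
        listener.close()
    return results


if __name__ == "__main__":
    for label, (state, secs) in run_demo().items():
        print(f"{label:7s} -> {state:9s} in {secs * 1000:.2f} ms")
    # A DROPped port would print "filtered" only after the full timeout,
    # which is the delay and ambiguity the reply above complains about.
```

Run it as an ordinary user; the "closed" case returns in well under a millisecond because a RST is an answer, whereas a DROP target would only be reported as "filtered" after `timeout` seconds and would look identical to a wrong IP or an unplugged host.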