| 1 |
On Thu, Jan 08, 2004 at 08:16:24AM -0600, Thomas T. Veldhouse wrote: |
| 2 |
> Oliver Schad wrote: |
| 3 |
> > |
| 4 |
> > That's right. But no answer means there is somebody who doesn't |
| 5 |
> > answer. Only if the last router before the target says "Hey, there is |
| 6 |
> > nobody", then there is nobody (or there is an really intelligent guy, |
| 7 |
> > that wants to hide his host). |
| 8 |
> > |
| 9 |
> > To hide a host is always very stupid, why should you do this? There |
| 10 |
> > is no advantage. If you "hide" your computer an attacker knows there |
| 11 |
> > is an stupid guy who doesn't know anything about network security. |
| 12 |
> > |
| 13 |
> > mfg |
| 14 |
> > Oli |
| 15 |
> |
| 16 |
> One reason ... it slows down various scans. |
| 17 |
|
| 18 |
Only for very primitive scanners. And it tends to fuck with debugging |
| 19 |
network problems ("hmm, packets disappear into a black hole, not even a |
| 20 |
TCP reject, but customer tells me the machine is up and connected ... |
| 21 |
maybe wrong IP configuration ..."). |
| 22 |
|
| 23 |
Using DROP instead of REJECT is almost always a very bad idea and seeing |
| 24 |
it done usually implies and imcompetent admin. |
| 25 |
|
| 26 |
Regards, |
| 27 |
Alex. |
| 28 |
-- |
| 29 |
"Opportunity is missed by most people because it is dressed in overalls and |
| 30 |
looks like work." -- Thomas A. Edison |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-security@g.o mailing list |
Archives