On Mon, Dec 09, 2002 at 08:10:42AM -0600, Jamin W. Collins wrote: > Stealth firewalls are in some cases better. If you DENY a packet, then > the remote end knows that something answered the request, as it got a > denied response back. If you DROP the packet the remote end gets > nothing back.
And the other end *still* knows something there, as it didn't get a Destination Host Unreachable and it didn't get a response back. So you still are visible, you just get the false sense of security in thinking you aren't. All you really accomplish is pissing off legitimately misguided users, and detouring the incompetant cracker that wouldn't get in anyway. -- .''`. Baloo <[EMAIL PROTECTED]> : :' : proud Debian admin and user `. `'` `- Debian - when you have better things to do than to fix a system
msg17869/pgp00000.pgp
Description: PGP signature
