On Mon, 2002-12-09 at 16.09, Paul Johnson wrote:
> On Mon, Dec 09, 2002 at 08:10:42AM -0600, Jamin W. Collins wrote:
> > Stealth firewalls are in some cases better. If you DENY a packet, then
> > the remote end knows that something answered the request, as it got a
> > denied response back. If you DROP the packet the remote end gets
> > nothing back.
>
> And the other end *still* knows something is there, as it didn't get a
> Destination Host Unreachable and it didn't get a response back. So
> you still are visible, you just get the false sense of security in
> thinking you aren't.

Correct. nmap displays a scanned port as "filtered" even if you DROP the
packet. If you respond to a ping but DROP all port scans it's clear to all
hackers that you have a packet filter. The one and only good thing about
DROPping is that you piss off script kiddies when they try to portscan your
box, since the scan will take ages. (Correct me if I'm wrong.)

> All you really accomplish is pissing off
> legitimately misguided users,

Really? Normal users don't scan blocked ports. And if they mistype an IP
it's their problem, not mine :)

> and detouring the incompetent cracker
> that wouldn't get in anyway.

Correct. Skilled hackers will own your box in any case. You can only try to
make it harder for them to do so (i.e. it takes longer).

--
Matthias Hentges [www.hentges.net] -> PGP + HTML are welcome
ICQ: 97 26 97 4 -> No files, no URLs
My OS: Debian Woody: Geek by Nature, Linux by Choice
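The DROP-versus-REJECT argument in this thread comes down to what a SYN scanner concludes from each kind of reply and how long it has to wait for it. The following is an added illustration, not code posted by anyone in the thread: it models a target host and the three ways a packet filter can answer a probe (DROP, REJECT with the default ICMP port-unreachable, REJECT with a TCP reset), applies the same verdict rules an nmap SYN scan uses (SYN/ACK is open, RST is closed, ICMP unreachable or silence is filtered), and counts the modeled time a sequential scan spends waiting. The `Host`, `Reply`, `classify`, `scan` and `filter_visible` names, the port list and the timing constants are all constructed for the example.

```python
"""Model of what a SYN scanner learns from DROP vs REJECT. Added example;
hosts, ports, round-trip time and timeout are constructed sample values."""
from dataclasses import dataclass
from enum import Enum


class Reply(Enum):
    """What a single TCP SYN probe gets back from the target."""
    SYN_ACK = "syn-ack"                     # a service accepted the handshake
    RST = "rst"                             # nothing listening (or REJECT with tcp-reset)
    ICMP_UNREACHABLE = "icmp-unreachable"   # REJECT with the default icmp-port-unreachable
    NONE = "none"                           # DROP: probe silently discarded, no reply ever


def classify(reply: Reply) -> str:
    """nmap's SYN-scan state for one port: SYN/ACK -> open, RST -> closed,
    ICMP unreachable or no answer at all -> filtered."""
    if reply is Reply.SYN_ACK:
        return "open"
    if reply is Reply.RST:
        return "closed"
    return "filtered"


@dataclass
class Host:
    """Constructed target: which ports have a listener and how the packet
    filter treats the ports it covers (DROP, REJECT-ICMP or REJECT-RST)."""
    open_ports: set
    filter_action: str
    filtered_ports: set

    def reply_to_probe(self, port: int) -> Reply:
        # The filter sees the probe before any listener does.
        if port in self.filtered_ports:
            if self.filter_action == "DROP":
                return Reply.NONE
            if self.filter_action == "REJECT-ICMP":
                return Reply.ICMP_UNREACHABLE
            if self.filter_action == "REJECT-RST":
                return Reply.RST
            raise ValueError(f"unknown filter action {self.filter_action!r}")
        return Reply.SYN_ACK if port in self.open_ports else Reply.RST


def scan(host: Host, ports, rtt: float = 0.05, timeout: float = 1.0, retries: int = 2):
    """Sequential SYN scan against the model. Returns ({port: state}, seconds).
    A dropped probe costs the full timeout for the first send and for every
    retransmission; anything that answers costs one round trip."""
    results, elapsed = {}, 0.0
    for port in ports:
        reply = host.reply_to_probe(port)
        elapsed += timeout * (1 + retries) if reply is Reply.NONE else rtt
        results[port] = classify(reply)
    return results, elapsed


def filter_visible(results: dict) -> bool:
    """Defender's question: can the scanner tell a packet filter exists?
    Any 'filtered' verdict says yes, whether it came from DROP or from an
    ICMP REJECT. Only REJECT with a TCP reset looks like an ordinary closed port."""
    return "filtered" in results.values()


if __name__ == "__main__":
    ports = [22, 25, 80, 443, 8080]          # constructed sample port list
    for action in ("DROP", "REJECT-ICMP", "REJECT-RST"):
        host = Host(open_ports={22}, filter_action=action, filtered_ports={25, 80, 443})
        states, seconds = scan(host, ports)
        print(f"{action:12s} {states}  filter visible: {filter_visible(states)}  "
              f"modeled time: {seconds:.2f}s")
```

Run as a script, the model reproduces both claims made above: DROP and ICMP REJECT produce the same "filtered" verdicts, so the filter is equally visible either way, and the DROP case is the only one where the scan waits out a timeout per port, which is where the "takes ages" effect comes from. The TCP-reset variant is the one configuration in which a covered port is reported "closed" like any other, which is why it is the interesting choice for a host that would rather not advertise its filter.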