Tobias Klausmann wrote:
> On Tue, 07 Feb 2006, Francois Toussenel wrote:
>> (I would add that one might want to never respond to pings, for
>> instance, so starting iptables between net.eth0 and services seems not
>> enough.)
>
> Why (outside of a specific attack in that area) would one *not*
> respond to pings? Outside from a specific attack in that area
> happening, I see no reason to do so.

Everyone knows that only stealthed hosts are secure. To achieve this,
you have to block not only ICMP but also ARP. ;-)

Regards
Oli
--
gentoo-security@gentoo.org mailing list