This can partially be countered (but not fully be solved) by using
portsentry.
Regards
Gustav
Robert Glover wrote:
>
> > > localbox:1055 --> 1.2.3.4:80
> > >
> > > The firewall sees this and for some
> > > period of seconds or until the
> > > connection is closed will allow
> > > incoming packets on port 1055
> > > only from IP address 1.2.3.4
> >
> > OK, but what, exactly, does that buy you that blocking SYN packets does
> > not? If I use ipchains to refuse SYN packets on ports above 1024, then
> > nobody on the outside can connect to user applications that have ports
> > open (like GNOME apps), but I'm still free to use HTTP and PASV ftp, no?
>
> Some wretched soul might send a non-SYN packet at one of your open TCP ports as
> part of some kind of port scan. The response from that port would tell them
> that something is there. If those ports were blocked by the stateful
> inspection firewall, then there would be no response.
--
pgp = Pretty Good Privacy.
To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
Visit my web site at http://www.schaffter.com
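The distinction the thread is drawing, as an added simulation that is not part of the original mails: a stateless ipchains-style "drop inbound SYN to ports above 1024" rule beside a minimal stateful tracker, both run over constructed traffic (addresses and ports are made up; the flag handling is simplified).

```python
from dataclasses import dataclass

LOCAL = "10.0.0.2"  # constructed address standing in for "localbox"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def syn_block(packets):
    """Stateless rule: drop inbound SYN (without ACK) to local ports > 1024.
    Everything else passes, including a stray ACK aimed at an open high port,
    so the host still answers it and reveals that something is listening."""
    verdicts = []
    for p in packets:
        inbound = p.dst == LOCAL
        bare_syn = "SYN" in p.flags and "ACK" not in p.flags
        verdicts.append(not (inbound and p.dport > 1024 and bare_syn))
    return verdicts


def stateful(packets):
    """Minimal stateful inspection: an outbound SYN creates a table entry;
    an inbound packet passes only if it matches (local port, peer IP, peer port)."""
    table = set()
    verdicts = []
    for p in packets:
        if p.src == LOCAL:                      # outbound: learn the connection
            if "SYN" in p.flags:
                table.add((p.sport, p.dst, p.dport))
            verdicts.append(True)
            continue
        key = (p.dport, p.src, p.sport)         # inbound: must match an entry
        ok = key in table
        if ok and ({"FIN", "RST"} & p.flags):
            table.discard(key)                  # connection closed, entry expires
        verdicts.append(ok)
    return verdicts


# Constructed traffic: the thread's example connection plus unsolicited packets.
TRAFFIC = [
    pkt(LOCAL, 1055, "1.2.3.4", 80, "SYN"),         # localbox:1055 -> 1.2.3.4:80
    pkt("1.2.3.4", 80, LOCAL, 1055, "SYN", "ACK"),  # legitimate reply
    pkt("5.6.7.8", 4444, LOCAL, 1055, "ACK"),       # non-SYN packet from elsewhere
    pkt("5.6.7.8", 4444, LOCAL, 1055, "SYN"),       # plain SYN to a high port
]

if __name__ == "__main__":
    print("syn_block:", syn_block(TRAFFIC))  # [True, True, True, False]
    print("stateful: ", stateful(TRAFFIC))   # [True, True, False, False]
```

Only the third packet separates the two policies: the SYN-block rule lets the unsolicited ACK through to port 1055, while the stateful filter drops it because no tracked connection matches.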