On Tue, 31 Jul 2001 12:14:20 PDT, "Karsten M. Self" writes:
>> On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote:
>> > > Are there any drawbacks to DENY? Is there a general consensus on this
>> > > subject?
>The benefits are twofold:
>
> - For a two-stage scan, DENY gives the appearan
on Wed, Jul 25, 2001 at 02:32:51PM -0400, Noah Meyerhans ([EMAIL PROTECTED])
wrote:
> On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote:
> > > Are there any drawbacks to DENY? Is there a general consensus on this
> > > subject?
> >
> > In general, DENY is good because it does just what
On Wed, 25 Jul 2001 17:12:22 PDT, Alvin Oga writes:
>> >Moral of that story is to make sure that you either run an ident
>> >server, or set it to REJECT.
>>
>> Well, I wouldn´t (and don´t) run identd, since I have no intention of
>> revealing the name of the user running a particular service (i
hi ya
> >Moral of that story is to make sure that you either run an ident
> >server, or set it to REJECT.
>
> Well, I wouldn´t (and don´t) run identd, since I have no intention of
> revealing the name of the user running a particular service (in
if one runs identd... any incoming email addr
On Wed, 25 Jul 2001 13:38:19 EDT, Jason Healy writes:
>The other problem is that if you DENY certain oft-used services, you
>can cause problems. For example, if you DENY on the ident service
>port, machines trying to connect to you will timeout waiting for ident
>info. Some mail servers try to
At 996089571s since epoch (07/25/01 14:32:51 -0400 UTC), Noah Meyerhans wrote:
> There's definitely no consensus on this; it's largely a matter of
> personal taste.
I definitely agree there.
> I don't see how making portscans take longer equates to making them
> more difficult to perform, as you
On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote:
> > Are there any drawbacks to DENY? Is there a general consensus on this
> > subject?
>
> In general, DENY is good because it does just what your friend says.
> This also makes things like portscans more difficult, as they take
> longe
At 996072286s since epoch (07/25/01 12:44:46 -0400 UTC), Matthew Thompson wrote:
> I was talking with a friend of mine who said it's better to have a policy
> of DENY since that doesn't return any information and if someone is trying
> to attack the machine on a closed port, it will take much longe
Greetings, all,
Just looking for some opinions/feedback from y'all.
I'm responsible for a few servers that are connected to the internet.
They are all running 2.2.19 kernels with ipchains. Ports are open for
apache, ftp, smtp, ssh and imap, but all others are closed with a policy
of REJECT.
I w
9 matches
Mail list logo