Re: Packet filtering help

On Tue, Apr 10, 2001 at 12:13:52PM +0200, Vaclav Hula wrote:
> RFC compliancy isn't enough? IMHO should be.

Someone else has already responded to this; but no, RFC compliance
doesn't necessarily tell us the best thing to do for every situation.
Take SYN cookies for example.

> > A decent policy is to drop everything you don't need to respond to.
> Breaking everything you do not need to work isn't decent. Someone else might

What are you talking about?
If you need this for someone else to be able to contact you then this
falls into the "you need this" category. Simple.

> > You do gain some "security through obscurity." Depending on how much
> "security through obscurity." = "false feeling of security" :-)

No, because there's nothing falsified about this. If you know what you
are doing then you know exactly what you are _not_ gaining as well as
what you are gaining. I already explained this.

> > For instance, many script kiddies will not scan your entire box if you
> > are undetected by a ping sweep. Granted, if you have other
> > vulnerabilities that you are hiding then you have bigger problems. But
> > it can buy you some time at least.
> Script kiddie scanning your entire box won't hurt you much.

Where did I say it would? This has nothing to do with the scan; it has
something to do with the kiddie's next move (if any) _after_ detecting your