
Re: 'mirror' with iptables



Dmitriy Kropivnitskiy <jeld@mindless.com> writes:

[snip]
> > how does this stop the scanner from identifying open ports?
> 
> If you actually drop packets instead of rejecting them your port scanner
> will slow down to a crawl, since it has to wait for timeout on every try.

Bzzzzzzt.

Push out loads of packets to many hosts at one port per host, and just sit
back & wait for the responses; they'll tell you if they're listening. 
Absolutely *nobody* does multi-port per host sweeps these days - to the
extent that I nmapped myself from ports 20-25 only, this morning, and it
occupied the greater amount of the firewall log for the last 24hrs.

~Tim
-- 
And in the rapture and the charm,           |piglet@stirfried.vegetable.org.uk
Came the tranquil and the calm,             |http://spodzone.org.uk/
On the ridge of the mighty Atlantic.        |
