
Re: Hacked - is it my turn? - interesting



On Tue, Feb 03, 2004 at 02:09:42PM +0100, François TOURDE wrote:
> On the 12451st day after the Epoch,
> Richard Atterer wrote:
> 
> > On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> >> No, with REJECT they would show up as "closed". DROP produces "filtered".
> >
> > FWIW, you also need "--reject-with tcp-reset" to fool nmap.
> 
> But I think DROP is the best way, 'cause it slows down NMAP or other
> sniffers. Sniffers must wait for the packet timeout, then retry, then wait,
> etc.

Check out the TARPIT target [*] if you're going to take this route, but
beware it is really a killer patch--at least, we've had a misconfigured
rule that caused significant headache to our legitimate users.

[*] http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT

bit,
adam

-- 
Am I a cleric?     | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever?        | 82DD 54C2 843D 37B8 D989
Renegade?          | http://sks.dnsalias.net
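The thread above compares what a SYN scanner sees behind REJECT, REJECT --reject-with tcp-reset, DROP and TARPIT, and why DROP costs the scanner time. The following is an added example, not code from the mailing list, from nmap or from netfilter: a plain-Python simulation in which a constructed "firewall" function returns the reply each target produces for one SYN, and a constructed scanner classifies the port the way nmap does (SYN/ACK is "open", RST is "closed", an ICMP port-unreachable or persistent silence is "filtered"), retransmitting on silence. Plain REJECT answers with ICMP port-unreachable, which a SYN scan reports as "filtered"; only the tcp-reset variant yields "closed", which is the point of the --reject-with remark. TARPIT completes the handshake and then holds the connection with a zero window, so a SYN scan reports it "open". The probe timeout, retry count, port list and rule set are all assumed values constructed for the demonstration, not nmap's adaptive timing.

```python
"""Simulated TCP SYN scan against ports behind different netfilter targets.

Added example; not code from the mailing-list thread, nmap or netfilter.
No packets are sent: ``firewall`` is a constructed stand-in for the rule
set, and the timeout and retry counts are assumed values.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Replies a SYN probe can provoke (names chosen here, not wire terms).
SYN_ACK = "syn-ack"            # stack completed step 2 of the handshake
RST = "rst"                    # stack, or REJECT --reject-with tcp-reset, refused
ICMP_UNREACH = "icmp-unreach"  # plain REJECT: ICMP port-unreachable
NO_REPLY = None                # DROP: silence

# Targets as they would appear after "-j" in an iptables rule.
ACCEPT = "ACCEPT"
REJECT = "REJECT"                               # default: icmp-port-unreachable
REJECT_RST = "REJECT --reject-with tcp-reset"
DROP = "DROP"
TARPIT = "TARPIT"                               # patch-o-matic extra target


def firewall(target: str, listening: bool) -> Optional[str]:
    """Reply the scanner gets for one SYN, given the rule that matched the port."""
    if target == ACCEPT:
        # Packet reaches the stack: SYN/ACK if a service listens, else RST.
        return SYN_ACK if listening else RST
    if target == REJECT:
        return ICMP_UNREACH
    if target == REJECT_RST:
        return RST
    if target == DROP:
        return NO_REPLY
    if target == TARPIT:
        # TARPIT completes the handshake and then holds the connection open
        # with a zero window, so a SYN scan classifies the port as "open".
        return SYN_ACK
    raise ValueError(f"unknown target {target!r}")


PROBE_TIMEOUT = 1.0  # seconds waited for a silent port (assumed, constructed)
MAX_RETRIES = 2      # retransmissions before giving up (assumed, constructed)


@dataclass
class ScanResult:
    state: str        # nmap-style: open / closed / filtered
    probes_sent: int
    seconds: float    # simulated time the scanner spent on this port


def syn_scan(target: str, listening: bool = False) -> ScanResult:
    """Classify one port the way a SYN scanner does.

    SYN/ACK -> open, RST -> closed, ICMP unreachable -> filtered.  Silence is
    ambiguous, so the scanner retransmits and only then reports "filtered";
    every silent probe costs a full timeout, which is the DROP slowdown.
    """
    sent = 0
    elapsed = 0.0
    while True:
        sent += 1
        reply = firewall(target, listening)
        if reply == SYN_ACK:
            return ScanResult("open", sent, elapsed)
        if reply == RST:
            return ScanResult("closed", sent, elapsed)
        if reply == ICMP_UNREACH:
            return ScanResult("filtered", sent, elapsed)
        elapsed += PROBE_TIMEOUT
        if sent > MAX_RETRIES:
            return ScanResult("filtered", sent, elapsed)


# Constructed rule set: port -> (target, whether a daemon is bound there).
RULES: Dict[int, Tuple[str, bool]] = {
    22: (ACCEPT, True),
    25: (ACCEPT, False),
    80: (REJECT, False),
    443: (REJECT_RST, False),
    3306: (DROP, False),
    8080: (TARPIT, False),
}


def scan_host(rules: Dict[int, Tuple[str, bool]] = RULES) -> Dict[int, ScanResult]:
    """Scan every port in the constructed rule set."""
    return {port: syn_scan(target, listening)
            for port, (target, listening) in rules.items()}


if __name__ == "__main__":
    for port, r in scan_host().items():
        print(f"{port:5d}/tcp {r.state:9s} probes={r.probes_sent} "
              f"t={r.seconds:.1f}s  ({RULES[port][0]})")
```

Running the block prints one line per port; the DROP port is the only one that consumes retransmission timeouts, the two REJECT variants answer instantly but land in different nmap states, and the TARPIT port looks open to a SYN scan even though a real client would hang on it, which is the failure mode a misconfigured TARPIT rule inflicts on legitimate users.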
