[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How insecure are cable connections, versus dialup?

Am Mon, 2002-12-09 um 16.09 schrieb Paul Johnson:
> On Mon, Dec 09, 2002 at 08:10:42AM -0600, Jamin W. Collins wrote:
> > Stealth firewalls are in some cases better.  If you DENY a packet, then
> > the remote end knows that something answered the request, as it got a
> > denied response back.  If you DROP the packet the remote end gets
> > nothing back.
> And the other end *still* knows something there, as it didn't get a
> Destination Host Unreachable and it didn't get a response back.  So
> you still are visible, you just get the false sense of security in
> thinking you aren't. 

Correct. nmap displays a scanned port as "filtered" even if you DROP the
packet. If you respong to a ping but DROP all port scans it's clear to
all hackers that you have a packetfilter.

The one and only good thing about DROP'ing is that you piss off script
kiddies when they try to portscan your box since the scan will take
ages. (correct me if i'm wrong)

>  All you really accomplish is pissing off
> legitimately misguided users, 

Really? Normal users don't scan blocked Ports. And if they mistype an IP
it's their problem not mine :)

> and detouring the incompetant cracker
> that wouldn't get in anyway.

Correct. Skilled hackers will own your box in any case. You can only try
to make it harder for them to do so (ie: it takes longer).


Matthias Hentges
[www.hentges.net] -> PGP + HTML are welcome
ICQ: 97 26 97 4   -> No files, no URLs

My OS: Debian Woody: Geek by Nature, Linux by Choice

Reply to: