..best firewall camouflage?, was: Am I ready for the internet?
On Fri, 19 Sep 2003 10:39:26 -0700,
Vineet Kumar <vineet@doorstop.net> wrote in message
<20030919173926.GA6513@doorstop.net>:
> * Michael C. (mcsuper5@usol.com) [030919 10:30]:
> > In linux.debian.user, Jimmy Johansson <jimmy@update.uu.se> wrote:
> >
> > > I have set up Iptables so that I reject
> > > all incoming traffic, except the traffic I have requested,
> > > because I don't need incoming SSH or anything like that.
> >
> > While I believe it breaks something, if you're not serving the
> > internet, I'd drop incoming traffic as opposed to rejecting it, that
> > way you are stealth.
>
> I'd recommend just the opposite, since as you said, it breaks
> "something", and if you believe you are "stealth", you're only fooling
> yourself.
>
> IMO, it's not worth it. My favorite firewall configs reject TCP with
> RST, UDP with icmp-port-unreach, and other protocols with
> icmp-proto-unreach.
>
> I think it's easier to make your firewall invisible than it is to make
> your host invisible. You can't disappear; the best you can do is
> become uninteresting (no open ports).
..what setup will look the least interesting, on dial-up, a "wintendo95
ready to fall over"? For us fat-pipers, a "Knoppix cd"? A "remaster"?
--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
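
Added example, not part of the original message or thread: the two policies debated above for a host that offers no services, written as iptables-restore rulesets so they can be compared side by side. The function name emit_ruleset, the loopback and conntrack accept rules, and the chain policies are assumptions; the three --reject-with types are the ones Vineet names.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset
# for a host that serves nothing, in one of the two styles discussed:
#   reject - answer like an unfiltered host with closed ports
#   drop   - stay silent (the "stealth" variant)
# Assumptions: function name, loopback rule, conntrack rule, chain policies.
emit_ruleset() {
    mode=${1:-reject}
    case "$mode" in
        reject|drop) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac

    # Common part: allow loopback and replies to traffic this host started.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF

    if [ "$mode" = reject ]; then
        # Same replies a closed port gives with no firewall in the way.
        # ICMP echo requests also reach the last rule in this sketch.
        cat <<'EOF'
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
EOF
    else
        # No reply at all; clients time out instead of failing fast.
        echo "-A INPUT -j DROP"
    fi
    echo "COMMIT"
}
```

Check the output with `emit_ruleset reject | iptables-restore --test` as root before loading it for real.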