
Re: iptables firewall



On Wed, 30 Jul 2014 21:34:07 +0200
Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:

> Joe wrote:
> > 
> > Something else you might do now is to place temporary logging rules
> > before your 'DROP' rules, to confirm whether it is indeed iptables
> > which is blocking those packets.
> 
> Or just run tcpdump while the port scan is running.

I like iptables, it's simple, and it tells you exactly what you want to
know, in real time, without needing to wade through man pages.
> 
> > No logs, it's somebody or something
> > else. And if you have anything other than just a bare modem between
> > you and the outside world, which is not really best practice, then
> > the first place to look is the Net router.
> > 
> > And as someone else asked, why are you worried about this
> > 'stealth'? As long as the bad packets don't get in, what does it
> > matter?
> 
> He may have believed the claim by GRC et al. that "not stealth=at
> risk". But that's just some kind of security by obscurity, isn't it?
> 
> 

On the whole, I think Mr Gibson knows what he is talking about, but
all the melodrama on his site is for the benefit of Windows users. If
you don't hugely exaggerate risks these days, nobody pays you any
attention. He may well have played a part in getting a firewall put
into XP; I don't think Microsoft was ever very bothered about home
users' security.

I'm not a security expert, but I read a bit now and then, and I think
if a competent Black Hat thinks there's a computer on a particular
address, he'll find it, and what OS it runs, and what its owner had for
breakfast... there's a lot more to life than well-formed TCP and UDP
packets, and everything incoming has to be handled by the networking
code, every protocol, every invalid packet, even when it pretends it's
not there. Iptables and suchlike will keep out the bots, and that's all
the small people need to do.

-- 
Joe
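
The diagnostic step Joe describes earlier in the thread (a temporary logging rule placed ahead of the DROP rules to confirm that iptables is what blocks the packets), worked through as an added example that is not part of the original posts. The rule listing and the kernel log line are constructed samples, the `FWDIAG:` prefix is an assumption, and the script only prints the iptables commands rather than running them.

```shell
#!/bin/sh
# Added example, not from the thread. Inserts a temporary, rate-limited LOG
# rule immediately before the first DROP rule in INPUT, so only packets that
# are about to be dropped get logged, then reduces the kernel log lines to a
# readable one-liner. Nothing here touches the firewall: the commands are
# printed, and the inputs below are constructed samples.

PREFIX="FWDIAG: "   # constructed prefix; grep the kernel log for it

# Constructed sample of `iptables -S INPUT` on a typical host.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample of the kernel log line the LOG target produces.
SAMPLE_LOG='Jul 30 21:40:12 host kernel: [12345.678] FWDIAG: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0'

# Read `iptables -S INPUT` on stdin; print the 1-based position of the first
# rule whose target is DROP (the slot the LOG rule must take). Prints nothing
# if dropping happens only via the chain policy.
first_drop_pos() {
    awk '$1 == "-A" && $2 == "INPUT" { n++
          if ($(NF-1) == "-j" && $NF == "DROP") { print n; exit } }'
}

# Print the commands that add the LOG rule at position $1 (append if empty)
# and the matching delete for when the diagnosis is over. The limit match
# keeps a port scan from flooding the log; the DROP rules are untouched.
log_rule_cmds() {
    if [ -n "$1" ]; then where="-I INPUT $1"; else where="-A INPUT"; fi
    spec="-m limit --limit 10/min -j LOG --log-prefix \"$PREFIX\" --log-level 4"
    printf 'iptables %s %s\n' "$where" "$spec"
    printf '# remove when done: iptables -D INPUT %s\n' "$spec"
}

# Reduce kernel LOG lines on stdin to "SRC -> DST PROTO dpt N".
summarize_log_lines() {
    sed -n "s/.*${PREFIX}.*SRC=\([^ ]*\) DST=\([^ ]*\).*PROTO=\([^ ]*\).*DPT=\([0-9]*\).*/\1 -> \2 \3 dpt \4/p"
}

pos=$(printf '%s\n' "$SAMPLE_RULES" | first_drop_pos)
log_rule_cmds "$pos"
printf '%s\n' "$SAMPLE_LOG" | summarize_log_lines
```

If the log stays empty while the scanner reports the ports as filtered, the packets never reached this host's INPUT chain and the router in front of it is the next place to look.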

