[Courses] Re: [Courses][Security] return RST

coldfire rolick571 at duq.edu
Wed Mar 27 03:35:39 EST 2002


> 	Advantages: nobody knows you've got a firewall (at least, to a
> cursory look.  They may suspect or fingerprint.).  Disadvantages: nobody
> knows you've got a firewall.  [grin]  It depends on the psychology of
> your attacker -- is a firewall going to make them go "Oooh, too hard,
> I'll look for easier prey" or "Oooh, there must be something good
> there"?  There is much debate on this subject.

not to flag myself as a blackhat or anything ;p .. but when i see a
firewall, i say to myself, "i wanna see if i can break this."  but i would
want to do so just to learn, circumvent protection .. that kind of thing.
i can imagine that if it was someone with malicious intent, they would 
target the quickest and easiest machine.

using REJECT makes your firewall "nicer."  if you use DROP, hosts
connecting to a bad port or whatever will have to wait for a timeout.

this can be advantageous too, however, since it may slow down some port
scans.  using DROP can also make your host appear as if it isn't even up.
but if you're on the same network as a scanning machine, you can figure
out whether a host is up or not regardless of its firewall policy.


coldie
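
The client-side difference between REJECT and DROP discussed in this message, as an added example that is not part of the original post. It is a probe for checking your own firewall policy from another host; `probe` and `demo` are hypothetical names, and the loopback ports in `demo` are constructed so the block runs offline.

```python
import errno
import socket
import time


def probe(host, port, timeout=2.0):
    """Return (verdict, seconds) for a single TCP connect attempt."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        # An RST came back: a closed port, or a REJECT rule answering with
        # a reset. The client gets its answer almost immediately.
        verdict = "refused"
    except socket.timeout:
        # Nothing came back: a DROP rule, or no host at that address.
        # The client has waited out the whole timeout to learn this.
        verdict = "no-reply"
    except OSError as exc:
        # e.g. EHOSTUNREACH when an ICMP unreachable is returned instead
        verdict = "other:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()
    return verdict, time.monotonic() - start


def demo():
    """Constructed loopback case: one listening port, one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here now, so the kernel replies with RST

    results = {"open": probe("127.0.0.1", open_port),
               "closed": probe("127.0.0.1", closed_port)}
    listener.close()
    return results


if __name__ == "__main__":
    for name, (verdict, secs) in demo().items():
        print(f"{name:7s} {verdict:9s} {secs:.3f}s")
```

Run against a port covered by a DROP rule, `probe` returns `no-reply` only after the full `timeout` has elapsed, which is the wait described above.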



