Nmap Announce mailing list archives
Re: Best way to block incoming TCP connections?
From: "Michael T. Babcock" <mikebabcock () pobox com>
Date: Sun, 07 May 2000 09:29:40 -0400
Following this discussion a little, I'd like to point out that being able to DROP or REJECT packets is perfectly sufficient in almost all cases. As for detecting exact packet types, this should be made easier, yes. But, being able to defeat OS scans is pointless. If you're embarrassed of the OS you use or you know of open holes in it, you shouldn't be using it. If, on the other hand, it's political that you not have a visible OS (like your boss not knowing you use Linux on your router), you have problems that won't be fixed with OS detection detection.

Lennert Buytenhek wrote:

Looks to me like it allows fingerprinting as well as stealth scans, depending on the current state of affairs of TCP in Linux... I'm sure that the Linux Powers That Be will argue that protecting against fingerprinting/stealth scanning is a useless 'feature' that only gets in the way.. *sigh*
(snip)
Right now, the linux ppl are arguing that the fw generating RSTs is bad, violates end-to-end, and will cause imminent internet death. Can you see anything which could remotely support these claims? (you might want to check a netfilter archive for the full thread, if you're interested)
--
_____/~-=##=-~\_____
-=+0+=-< Michael T. Babcock >-=+0+=-
~~~~~\_-=##=-_/~~~~~
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018