Björn Persson wrote:
> Matthew Woehlke wrote:
>> Björn Persson wrote:
>>> Matthew Woehlke wrote:
>>>> an iptables rule that allows stuff if there is a socket that will
>>>> receive it, otherwise can drop
>>> Where's the point in that?
>> Stealth? You might as well ask what is the point of using DROP (instead
>> of REJECT) at all. Obviously there is a reason or else it wouldn't exist.
> That's obscurity, not security.

Why is it people seem to have a problem with obscurity *on top of*
security? What's wrong with making it as hard as possible for the "bad
guys"?

> If there's a hole in Sendmail for example, then attackers trying to
> exploit that hole won't start by probing port 26384 and then connect to
> port 25 only if they get an RST packet from port 26384.

...and if I happen to not be running sendmail at the time, my machine
will appear to not exist, rather than going on the 'try other exploits'
list. (Especially if I happen to be not running /any/ services at the
time and am therefore truly stealthy.)

> You're not truly "stealth" unless you drop *all* packets, at which
> point you can just as well unplug the network cable (or turn WiFi off
> with the kill switch).

Not all packets, just incoming ones that don't belong to established
connections. (I'll assume we're not talking about a black hat to whose
server you have explicitly connected.)

Besides, you didn't address the original question: if DROP is as
non-useful as you claim, why does it exist?
--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
"unsubscribe me plz!!" -- Newbies
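A stateful ruleset in the shape the thread is arguing about, as an added example (not code from the thread or from Fedora): a POSIX shell script that generates the iptables INPUT chain and loads it only when run as `apply`. The variable and function names are this example's own, SSH on port 22 is an assumed listener, and the `-m socket` match stands in for the "accept if a socket will receive it" rule Matthew describes.

```shell
#!/bin/sh
# Added example: generate a stateful iptables INPUT chain. FW_ACTION picks the
# fate of unsolicited packets: DROP (silent, the "stealth" choice) or REJECT
# (TCP RST / ICMP unreachable). Assumption: SSH on port 22 is the only listener.

FW_ACTION="${FW_ACTION:-DROP}"
SERVICE_PORTS="${SERVICE_PORTS:-22}"   # set to "" to use the socket match instead

# Print the iptables commands, one per line, without running them.
gen_rules() {
    action="$1"
    ports="$2"
    echo "iptables -P INPUT DROP"
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened (and related traffic) always get in;
    # this is the "incoming packets that don't belong to established connections"
    # distinction from the thread.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    if [ -n "$ports" ]; then
        for p in $ports; do
            echo "iptables -A INPUT -p tcp --dport $p --syn -j ACCEPT"
        done
    else
        # The rule Matthew describes: accept whenever a local socket would receive
        # the packet (xt_socket lookup), so closed ports fall through to the policy.
        echo "iptables -A INPUT -m socket -j ACCEPT"
    fi
    # Everything unsolicited reaches this point. DROP makes a closed port look the
    # same to a scanner as a host that is not there; REJECT answers like an
    # unfirewalled closed port. An open port answers the same way under both.
    if [ "$action" = REJECT ]; then
        echo "iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset"
        echo "iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable"
    else
        echo "iptables -A INPUT -j DROP"
    fi
}

# Number of rule lines that would be produced (quick sanity check for a dry run).
rule_count() {
    gen_rules "$1" "$2" | wc -l | tr -d ' '
}
# "apply" loads the rules as root; anything else is a dry run that prints them.
if [ "$1" = apply ]; then
    gen_rules "$FW_ACTION" "$SERVICE_PORTS" | sh -e
else
    gen_rules "$FW_ACTION" "$SERVICE_PORTS"
fi
```

Review the dry-run output before applying; with FW_ACTION=REJECT a scanner gets a TCP RST or ICMP unreachable for closed ports, with DROP it gets nothing, and an open port looks identical either way.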
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list