mailing list archives
Re: Best way to block incoming TCP connections?
From: "Michael T. Babcock" <mikebabcock () pobox com>
Date: Sun, 07 May 2000 09:29:40 -0400
Following this discussion a little, I'd like to point out that being able to DROP
or REJECT packets is perfectly sufficient in almost all cases.
As for detecting exact packet types, this should be made easier, yes. But,
being able to defeat OS scans is pointless. If you're embarrassed by the OS you
use or you know of open holes in it, you shouldn't be using it. If on the other
hand, it's political that you not have a visible OS (like your boss not knowing
you use Linux on your router), you have problems that won't be fixed with OS
Lennert Buytenhek wrote:
Looks to me like it allows finger printing as well as stealth scans,
depending on the current state of affairs of TCP in Linux...
I'm sure that the Linux Powers That Be will argue that protecting against
finger printing/stealth scanning is a useless 'feature' that only gets in
the way.. *sigh*
Right now, the linux ppl are arguing that the fw generating RSTs is bad,
violates end-to-end, and will cause imminent internet death. Can you see
anything which could remotely support these claims? (you might want to
check a netfilter archive for the full thread, if you're interested)
-=+0+=-< Michael T. Babcock >-=+0+=-
http://www.linuxsupportline.com/~pgp/ ICQ: 4835018
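As an added example (not part of the thread, and not from either poster), the three ways a Linux firewall can refuse an incoming TCP connection that the discussion contrasts, written as a small POSIX sh generator for iptables rules. It assumes the iptables `REJECT` target with `--reject-with tcp-reset` and `--reject-with icmp-port-unreachable`, and the `--syn` match; the mode names and the function name are this example's own. The generator only prints rules, so it runs without root; piping its output to a root shell applies them.

```bash
#!/bin/sh
# Added example: emit iptables rules that block new inbound TCP connections
# to one or more ports, in one of the three styles discussed in the thread.
#   drop   - discard the SYN silently: the client retries until it times out,
#            and a port scanner reports the port as "filtered".
#   reset  - the firewall answers with a TCP RST: the client gets an
#            immediate "connection refused", indistinguishable from a port
#            with no listener (this is the "fw generating RSTs" case).
#   icmp   - the firewall answers with ICMP port-unreachable: also refused
#            immediately, but the ICMP reply advertises that a filter exists.
# Usage: block_tcp_rules MODE PORT [PORT...]   (prints rules; run as root to apply)

block_tcp_rules() {
    mode="$1"
    shift
    case "$mode" in
        drop)  action="-j DROP" ;;
        reset) action="-j REJECT --reject-with tcp-reset" ;;
        icmp)  action="-j REJECT --reject-with icmp-port-unreachable" ;;
        *)     echo "block_tcp_rules: unknown mode '$mode' (drop|reset|icmp)" >&2
               return 1 ;;
    esac
    [ "$#" -ge 1 ] || { echo "block_tcp_rules: no ports given" >&2; return 1; }

    for port in "$@"; do
        # Accept only a decimal port number in 1..65535; refuse anything else
        # rather than emitting a rule iptables would reject at load time.
        case "$port" in
            ''|*[!0-9]*) echo "block_tcp_rules: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "block_tcp_rules: port $port out of range" >&2
            return 1
        fi
        # --syn matches only the first packet of a new connection (SYN set,
        # ACK clear), so replies belonging to connections this host opened
        # itself are never touched by the rule.
        echo "iptables -A INPUT -p tcp --syn --dport $port $action"
    done
}

# Example invocation: rules that make ports 23 and 25 look closed to the outside.
block_tcp_rules reset 23 25
```

To switch a host from "filtered" to "looks closed", only the mode argument changes; the rule set is otherwise identical, which is the point being made in the thread that DROP or REJECT covers almost every need.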