RE: [fw-wiz] Home Environment Cisco

From: Paul Robertson (
Date: 06/06/03

  • Next message: Paul Robertson: "Re: [fw-wiz] OT: FTP Servers"
    Date: Fri, 6 Jun 2003 16:18:53 -0400 (EDT)

    On 5 Jun 2003, Florin Andrei wrote:

    > Hmmm... All that in a firewall for a _home_environment_?

    Yep, Identity Fraud is probably the #1 crime, and lots of homes contain
    PCs with sensative work data, if not VPN clients.

    > I actually have an opposite complaint about nmap: if the firewall drops
    > UDP packets, nmap marks those ports as being "open".
    > I can see the reasons why this behaviour was chosen, yet i'd like a CLI
    > switch to tell nmap "just say NO RESPONSE in that case, don't mark the
    > ports as being open."
    > But that's offtopic...

    But worth a retort- Fyodor not only gave you NMAP, he gave you the
    *source* to NMAP.

    It's a shame when you've got all the pieces, and you're sitting at the
    table waiting for someone else to put your puzzle together for you.

    > Sure, but different environments have different requirements.
    > Staying within the domain targeted by the original message (firewalls
    > for home environments), i'll say NAT does a great job: simple, takes out
    > a lot of problems (yet not all, as you pointed out), not too intrusive.
    > And did i mention it's simple? :-) The perfect one-stop-shop.

    Except it's not perfect- witness the worm and virus explosions from home

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation

    firewall-wizards mailing list

  • Next message: Paul Robertson: "Re: [fw-wiz] OT: FTP Servers"

    Relevant Pages

    • Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket
      ... Hi Paul, well yes I have found nmap to be buggy at times myself. ... How reliable have people here found nmap and nessus to be? ... to facilitate one-on-one interaction with one of our expert instructors. ...
    • Re: Firewall
      ... Paul wrote: ... > I have the firewall on but when I ran an NMAP scan of my dial up IP ... From where have you done the nmap test. ... Try something online, like: ...