Re: Tiny or Zone Alarm?

From: Lutz Donnerhacke (lutz@iks-jena.de)
Date: 02/13/02 

From: lutz@iks-jena.de (Lutz Donnerhacke)
Date: Wed, 13 Feb 2002 12:58:13 +0000 (UTC)

* Kevin Steele wrote:
>Been there, did that. No file sharing, no "universal plug and play", no
>open ports.
>
>I still run a firewall.

For which purpose.

>> > Is there a way to accomplish the goals of a firewall (stealth and
>>
>> There is no need to 'stealth' a properly configured system and
>> 'sthealting' ist by dropping packages is bad habits. A properly
>> configured systems runs no services or only those services that are
>> wanted on a systems and are regarded as secure/bugfree.
>
>I'll disagree with you here. I personally find too many hackers out
>there looking for systems to probe, and I don't want my system saying
>"I'm here" to anybody.

http://www.iks-jena.de/mitarb/lutz/usenet/Firewall.html#Verstecken
Rough Translation:
  In order to be invisible simply respond with "ICMP - Host/Network
  unreachable" with the address of your nearest router to every incoming
  package.

  Note: No answer is the same as "I'm here and fine." If your are not
  there an other system would respond with "He's not there." This system
  is your nearest router. (And it is located at your provider and you were
  not connected to the internet.)

>> Use bugfree sofwtare, when offering services.
>
>Um, and where do you find this "bugfree" software?

At your distributor's site and favorite bugtraq account.