Re: iptables: cannot talk to localhost

• Previous message: ngunity: "Re: Sonicwall VPN: Phase 2 failures Anyone know of a good resource for Sonicwall VPN support?"
• In reply to: Thomas Hertel: "Re: iptables: cannot talk to localhost"
• Next in thread: Thomas Hertel: "Re: iptables: cannot talk to localhost"
• Reply: Thomas Hertel: "Re: iptables: cannot talk to localhost"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Dec 2003 20:27:28 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 30 Dec 2003 14:47:35 +0100,
 Thomas Hertel <Thomas.Hertel@gmx.net> wrote:
> NeoSadist schrieb:
>
>> I'd still rather "stealth" my ports so that maybe they'll not see me, and even
>>then my router will be seen first.
>
> But they _will_ see you, whether you stealth or not. The only
> difference they will see is that in one case the port will be shown as
> "closed" and in the other it will be shown as "filtered" or
> "stealthed" or whatever. You have seen that a lot of times.
>
> A closed port is just as closed as a stealthed port.
> So what is wrong with sticking to the standard if violating it does
> not give you any advantage whatsoever?

One advantage of drop, over reject, is that it slows portscans to a
crawl.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/8lAwd90bcYOAWPYRAgxEAJwJKGAYJLXZXVzMUmCeJ2p9Mu5CIQCg75Zf
Icl0fCqqsgz/ax/spH8zOZw=
=ziho
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
"We have to go forth and crush every world view that doesn't believe in
tolerance and free speech," - David Brin

• Previous message: ngunity: "Re: Sonicwall VPN: Phase 2 failures Anyone know of a good resource for Sonicwall VPN support?"
• In reply to: Thomas Hertel: "Re: iptables: cannot talk to localhost"
• Next in thread: Thomas Hertel: "Re: iptables: cannot talk to localhost"
• Reply: Thomas Hertel: "Re: iptables: cannot talk to localhost"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Sleath ports with Sygate PF ... A closed port is a closed port and thus not vulnerable. ... >> stealthed port is either a closed port or an open port with some piece ... Any port scanner will see it. ... (comp.security.firewalls) Re: Sleath ports with Sygate PF ... A closed port is a closed port and thus not vulnerable. ... >> stealthed port is either a closed port or an open port with some piece ... You do not need to stealth a closed port, ... (comp.security.firewalls) Re: Need Configuration for Kerio running W2K Gateway to create 100% Stealth ... >A stealthed port hides your presence a closed port advertises it, ... >stealth with apparent contempt as if is irrelevant. ... Attacker knows: nothing to attack ... (comp.security.firewalls) Re: Sleath ports with Sygate PF ... I'm using Sygate Personal ... A closed port is a closed port and thus not vulnerable. ... You do not need to stealth a closed port, ... (comp.security.firewalls)