Re: Kerio PFW 2.14 - Safe?
From: Felix Tiede (tiede_at_pc-tiede.de)
Date: 09/10/04
- Next message: Felix Tiede: "Re: Kerio Personal Firewall and connection that I don't understand..."
- Previous message: Kerodo: "Re: IP address spoofing"
- In reply to: Mailman: "Re: Kerio PFW 2.14 - Safe?"
- Next in thread: Copelandia Cyanescens: "Re: Kerio PFW 2.14 - Safe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 10 Sep 2004 09:55:43 +0200
Mailman wrote:
> Felix Tiede wrote:
>
>>A good firewall should signal to the sender that the port is either
>>closed or communication is prohibited. Otherwise the sender can be sure
>>that there is something and it's trying its best to conceal itself. If a
>>system should be hidden from the net, the last router before this system
>>should send a "destination host unreachable".
>>The difference between Kerio 2.1.5 and 4.x may be that the latter uses
>>TCP RST packets to signal a closed port (which is almost equal to ICMP 3).
>>If there are *no* packets sent back to the DNS, the firewall doesn't obey
>>the RFCs regarding these cases, which is development in the wrong
>>direction.
>
>
> In principle your analysis is almost correct, with one small error: there is
> little chance of answering with a TCP RST to a UDP packet (he was talking
> about DNS, which is - mostly - UDP).
>
> Some firewalls make a virtue out of sending no reply, and they even invented
> a new term for it: "stealth". This may be great for a marketing brochure,
> but is quite useless in the real world, especially if you have any service
> at all open on your machine, with any protocol. Even worse, this breaks
> some RFCs - not that that ever stopped the marketroids.
Yes, you're right, I've missed that point. So Kerio has also made the step
to use this famous but almost completely useless "stealth" feature. One more
point to the list of reasons why I'm happy to stick with Kerio 2.1.5...
Greetings,
Felix
- application/pgp-signature attachment: OpenPGP digital signature
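The thread above contrasts a firewall that answers a probe to a closed port the way the RFCs expect with one that drops silently ("stealth"). The following Python script is an added example, not code from the original post or from Kerio: it builds a constructed DNS query (UDP/53) and shows the RFC 792 ICMP type 3 code 3 (port unreachable) reply that a "reject" policy generates, against the nothing that a "drop" policy gives the sender; the addresses are RFC 5737 documentation addresses and the `firewall_reply`/`classify` helpers are assumptions made for the illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (IPv4 and ICMP use it)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    ip = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, ip(src), ip(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def udp_datagram(src, dst, sport, dport, data):
    # UDP checksum left at 0, which IPv4 permits; keeps the example short.
    return ipv4_packet(src, dst, 17, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)

def icmp_port_unreachable(original: bytes, replier: str) -> bytes:
    """RFC 792 Destination Unreachable, type 3 code 3: what a host sends when a UDP
    datagram hits a closed port. It quotes the offending IP header plus 8 bytes."""
    ihl = (original[0] & 0x0F) * 4
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + original[: ihl + 8]
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ipv4_packet(replier, ".".join(str(b) for b in original[12:16]), 1, icmp)

def firewall_reply(policy: str, datagram: bytes, host_ip: str):
    """'reject' answers as a closed port would; 'drop' ("stealth") sends nothing."""
    return icmp_port_unreachable(datagram, host_ip) if policy == "reject" else None

def classify(reply):
    """What the sender can conclude from the reply, or from its absence."""
    if reply is None:
        return "no reply: filtered, host down, or 'stealth'; the sender cannot tell which"
    icmp = reply[(reply[0] & 0x0F) * 4:]
    if reply[9] == 1 and icmp[:2] == b"\x03\x03" and inet_checksum(icmp) == 0:
        inner = icmp[8:]                      # quoted original datagram
        off = (inner[0] & 0x0F) * 4 + 2       # UDP destination port field
        return "ICMP port unreachable: port %d is closed" % struct.unpack("!H", inner[off:off + 2])
    return "unexpected reply"

# Constructed sample: a DNS query to UDP/53 between RFC 5737 documentation addresses.
QUERY = udp_datagram("192.0.2.10", "198.51.100.5", 5353, 53, b"\x12\x34\x01\x00" + b"\x00" * 8)

if __name__ == "__main__":
    for policy in ("reject", "drop"):
        print(policy, "->", classify(firewall_reply(policy, QUERY, "198.51.100.5")))
```

The "drop" branch is the point the thread makes: the sender sees exactly the same silence whether the host is filtered, down, or "stealthed", so the silence conceals nothing that a connection attempt to a listening service would not reveal anyway.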