
Re: RFE: FireKit



Björn Persson wrote:
> Matthew Woehlke wrote:
>> Björn Persson wrote:
>>> Matthew Woehlke wrote:
>>>> an iptables rule that allows stuff if there is a socket that will
>>>> receive it, otherwise can drop
>>> Where's the point in that?
>> Stealth? You might as well ask what is the point of using DROP (instead
>> of REJECT) at all. Obviously there is a reason or else it wouldn't exist.
>
> That's obscurity, not security.

Why is it people seem to have a problem with obscurity *on top of* security? What's wrong with making it as hard as possible for the "bad guys"?

> If there's a hole in Sendmail for example, then attackers trying to exploit that hole won't start by probing port 26384 and then connect to port 25 only if they get an RST packet from port 26384.

...and if I happen to not be running sendmail at the time, my machine will appear to not exist, rather than going on the 'try other exploits' list. (Especially if I happen to be not running /any/ services at the time and am therefore truly stealthy.)

> You're not truly "stealth" unless you drop *all* packets, at which point you can just as well unplug the network cable (or turn WiFi off with the kill switch).

Not all packets, just incoming ones that don't belong to established connections. (I'll assume we're not talking about a black hat to whose server you have explicitly connected.)

Besides, you didn't address the original question: if DROP is as non-useful as you claim, why does it exist?

--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
"unsubscribe me plz!!" -- Newbies
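The rule set the two posters are arguing about (accept packets belonging to connections the host already has, accept new connections only where a socket is listening, and DROP or REJECT the rest) is small enough to model. The following is an added example written for this page, not code from either poster or from FireKit; it simulates such an INPUT chain and reports what a remote SYN probe gets back under each policy. The addresses (192.0.2.10, 198.51.100.7, 203.0.113.5) and port numbers are constructed, and the conntrack table is modelled as a plain set of (peer IP, peer port, local port) tuples. The equivalent real iptables rules are given in a comment for reference only; the script does not touch the host's firewall.

```python
"""Simulation of a stateful INPUT chain: DROP versus REJECT as seen by a prober."""
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ACCEPT = "ACCEPT"
    DROP = "DROP"      # discard silently: the sender only ever sees a timeout
    REJECT = "REJECT"  # refuse audibly: TCP RST (or ICMP unreachable for UDP)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # SYN without ACK == a new connection attempt
    ack: bool = False


@dataclass
class Firewall:
    """Simulated INPUT chain: listening sockets plus a conntrack table.

    Real-world counterpart (shown for reference, not executed here):
      iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      iptables -A INPUT -p tcp --syn --dport <listening port> -j ACCEPT
      iptables -P INPUT DROP       # or: -A INPUT -j REJECT --reject-with tcp-reset
    """
    listening: set
    policy: Verdict
    conntrack: set = field(default_factory=set)  # (peer_ip, peer_port, our_port)

    def note_outbound(self, peer_ip, peer_port, our_port):
        """The host itself opened a connection; replies count as ESTABLISHED."""
        self.conntrack.add((peer_ip, peer_port, our_port))

    def filter(self, p: Packet) -> Verdict:
        # 1. Part of a connection we already know about -> ACCEPT regardless of policy.
        if (p.src, p.sport, p.dport) in self.conntrack:
            return Verdict.ACCEPT
        # 2. New connection to a port that actually has a socket -> ACCEPT.
        if p.syn and not p.ack and p.dport in self.listening:
            self.conntrack.add((p.src, p.sport, p.dport))
            return Verdict.ACCEPT
        # 3. Everything else: the chain's policy decides what the sender sees.
        return self.policy


def observe(fw: Firewall, p: Packet) -> str:
    """What the sender of packet p gets back from the host."""
    verdict = fw.filter(p)
    if verdict is Verdict.ACCEPT:
        return "SYN-ACK" if p.syn else "data"
    if verdict is Verdict.REJECT:
        return "RST"
    return "timeout"


def scan(fw: Firewall, ports, src="198.51.100.7"):
    """Send one SYN to each port and record the response (a plain SYN scan)."""
    return {port: observe(fw, Packet(src, 50000 + i, "192.0.2.10", port, syn=True))
            for i, port in enumerate(ports)}


def host_visible(results) -> bool:
    """A prober can tell the host exists if any port answered at all."""
    return any(r != "timeout" for r in results.values())


if __name__ == "__main__":
    for policy in (Verdict.DROP, Verdict.REJECT):
        mail_host = Firewall(listening={25}, policy=policy)
        print(policy.value, "with sendmail:", scan(mail_host, [25, 26384]))
        idle_host = Firewall(listening=set(), policy=policy)
        r = scan(idle_host, [22, 25, 26384])
        print(policy.value, "no services:", r, "host visible:", host_visible(r))

    # Outbound traffic still works under DROP: replies are ESTABLISHED.
    client = Firewall(listening=set(), policy=Verdict.DROP)
    client.note_outbound("203.0.113.5", 443, 40000)
    reply = Packet("203.0.113.5", 443, "192.0.2.10", 40000, ack=True)
    print("reply to our own connection:", client.filter(reply).value)
```

Running it shows both sides of the thread at once: port 25 answers SYN-ACK under either policy as long as sendmail is listening, so the policy makes no difference to an attacker who goes straight for a known service; but a host with no listening sockets returns nothing at all under DROP, while under REJECT every closed port answers with an RST and the host is confirmed to exist. The last block shows that a DROP policy does not break the host's own outbound connections, because their replies match the conntrack table before the policy is reached.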

