Firewall Wizards mailing list archives
Re: NAK dropped SYN-packets to sender?
From: Matt Curtin <cmcurtin () interhack net>
Date: 10 Aug 1999 00:02:05 -0400
On Mon, 9 Aug 1999 09:47:30 +0200, "Frank Heinzius" <frimp () mms de> said:
Hello,

Frank> Both methods have their advantage: silent dropping gives you an
Frank> additional kinda "security by obscurity" level. The
Frank> disadvantage is that TCP stacks from the originator will do a
Frank> couple of retransmits due to the timeouts.

The "security by obscurity" isn't useful. However, the incredible amount of time that it would take in order to perform a traditional network scan is very useful.

Frank> If I sent ICMP unreachable, the attacker knows that there is a
Frank> firewall mechanism which makes port scans very fast (if based on
Frank> SYN-ACK).

This can also be useful. The fact that traffic has been redirected doesn't mean that the original target host or service is there; it could just be a rule that applies to the entire network, even where hosts won't be found.

Frank> What is the common and/or most recommended way?

Both are common. Which you choose will depend on how you want to handle those who poke at your doors. It sounds like you understand the issues at hand. If you define your requirements, you'll likely be able to make the decision that is best. (It isn't like either one will be an absolute blunder.)

--
Matt Curtin cmcurtin () interhack net http://www.interhack.net/people/cmcurtin/
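To put numbers on the trade-off the thread discusses (silent drop makes the originator sit through SYN retransmit timeouts, while an RST or ICMP unreachable fails the attempt after one round trip), here is an added model of what a single connection attempt experiences under each policy. It is illustration written for this archive page, not code from the list or from either poster. It assumes the originator behaves like a Linux TCP stack with its default `tcp_syn_retries` of 6 and an initial SYN retransmission timeout of 1 s that doubles on each retry; the round-trip time and the port/parallelism figures in the usage call are constructed sample values.

```python
"""Timeline of one TCP connection attempt under a silent-DROP firewall
versus an explicit REJECT (TCP RST or ICMP port-unreachable).

Added illustration for the Firewall Wizards thread; not the posters' code.
"""

# Assumed originator parameters: Linux defaults (tcp_syn_retries = 6,
# initial SYN RTO = 1 s, doubled after every unanswered SYN).
DEFAULT_SYN_RETRIES = 6
INITIAL_RTO_SECONDS = 1.0


def syn_timeline(policy, rtt=0.05, syn_retries=DEFAULT_SYN_RETRIES,
                 initial_rto=INITIAL_RTO_SECONDS):
    """Return (events, elapsed_seconds) for one connect() attempt.

    policy: "drop"   - the firewall discards the SYN; nothing comes back.
            "reject" - the firewall answers with RST / ICMP unreachable.
    events is a list of (time_in_seconds, description) tuples.
    """
    events = [(0.0, "SYN sent")]
    if policy == "reject":
        # One round trip later the stack sees RST (or ICMP unreachable)
        # and connect() fails with ECONNREFUSED immediately.
        events.append((rtt, "RST / ICMP unreachable received; connect() fails"))
        return events, rtt
    if policy == "drop":
        t, rto = 0.0, initial_rto
        for n in range(1, syn_retries + 1):
            t += rto                      # wait out the current RTO
            events.append((t, f"timeout, SYN retransmit #{n}"))
            rto *= 2                      # exponential backoff
        t += rto                          # last RTO expires with no reply
        events.append((t, "final timeout; connect() fails with ETIMEDOUT"))
        return events, t
    raise ValueError(f"unknown policy: {policy!r}")


def total_wait(policy, attempts, parallelism, **kwargs):
    """Wall-clock seconds an originator spends on `attempts` connection
    attempts when it runs `parallelism` of them concurrently.
    The firewall policy is applied uniformly, as Matt Curtin notes it may
    be, to every address/port in the range regardless of whether a host
    is really there."""
    if attempts <= 0 or parallelism <= 0:
        raise ValueError("attempts and parallelism must be positive")
    _, per_attempt = syn_timeline(policy, **kwargs)
    batches = -(-attempts // parallelism)  # ceiling division
    return batches * per_attempt


if __name__ == "__main__":
    for policy in ("reject", "drop"):
        events, elapsed = syn_timeline(policy)
        print(f"--- {policy.upper()} ---")
        for t, what in events:
            print(f"  t={t:7.2f}s  {what}")
        # Constructed sample figures: 1000 ports probed 100 at a time.
        print(f"  1000 attempts, 100 in parallel: "
              f"{total_wait(policy, 1000, 100):.1f} s total")
```

Running it shows the asymmetry Matt is pointing at: with an explicit reject every attempt resolves in one RTT, whereas with a silent drop each attempt costs the full 1+2+4+8+16+32+64 = 127 s backoff before the originator's stack gives up, so the same 1000 attempts take minutes rather than a fraction of a second. Changing `syn_retries` shows how much of that cost depends on the originator's stack rather than on the firewall.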
Current thread:
- NAK dropped SYN-packets to sender? Frank Heinzius (Aug 09)
- Re: NAK dropped SYN-packets to sender? Perry E. Metzger (Aug 10)
- Re: NAK dropped SYN-packets to sender? Frank Heinzius (Aug 10)
- Re: NAK dropped SYN-packets to sender? Matt Curtin (Aug 10)
- Re: NAK dropped SYN-packets to sender? Perry E. Metzger (Aug 10)