RFE: FireKit
Matthew Woehlke
mw_triad at users.sourceforge.net
Fri Jul 24 19:21:40 UTC 2009
Björn Persson wrote:
> Matthew Woehlke wrote:
>> Björn Persson wrote:
>>> Matthew Woehlke wrote:
>>>> an iptables rule
>>>> that allows stuff if there is a socket that will receive it, otherwise
>>>> can drop
>>> Where's the point in that?
>> Stealth? You might as well ask what is the point of using DROP (instead
>> of REJECT) at all. Obviously there is a reason or else it wouldn't exist.
>
> That's obscurity, not security.
Why is it people seem to have a problem with obscurity *on top of*
security? What's wrong with making it as hard as possible for the "bad
guys"?
> If there's a hole in Sendmail for example,
> then attackers trying to exploit that hole won't start by probing port 26384
> and then connect to port 25 only if they get an RST packet from port 26384.
...and if I happen to not be running sendmail at the time, my machine
will appear to not exist, rather than going on the 'try other exploits'
list. (Especially if I happen to be not running /any/ services at the
time and am therefore truly stealthy.)
> You're not truly "stealth" unless you drop *all* packets, at which
> point you can just as well unplug the network cable (or turn WiFi off
> with the kill switch).
Not all packets, just incoming ones that don't belong to established
connections. (I'll assume we're not talking about a black hat to whose
server you have explicitly connected.)
Besides, you didn't address the original question: if DROP is as
non-useful as you claim, why does it exist?
--
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
--
"unsubscribe me plz!!" -- Newbies
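Added example, not from the thread or from Fedora: a POSIX sh function that renders the stateful INPUT chain described above in iptables-restore format, accepting loopback and ESTABLISHED/RELATED traffic plus whichever TCP ports are actually listening, then ending in either DROP (no answer at all, the "stealth" behaviour argued for) or REJECT (an explicit error reply, as in the Sendmail scenario). The port list and the REJECT variant are illustrative assumptions.

```shell
#!/bin/sh
# Constructed example, not taken from the mailing-list thread.
# Render a stateful INPUT chain in iptables-restore format.
#   usage: render_ruleset <DROP|REJECT> [tcp_port ...]
# DROP   -> unsolicited packets get no reply at all (the host looks absent).
# REJECT -> unsolicited packets get an ICMP port-unreachable reply
#           (the host is visibly up, but the port is visibly closed).
render_ruleset() {
    action="$1"; shift
    case "$action" in
        DROP)   final='-A INPUT -j DROP' ;;
        REJECT) final='-A INPUT -j REJECT --reject-with icmp-port-unreachable' ;;
        *) echo "final action must be DROP or REJECT, got '$action'" >&2; return 1 ;;
    esac
    # Default policies: nothing comes in or is forwarded unless a rule says so;
    # outbound traffic is free, so replies to our own connections work.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Only the services that are really listening get a NEW-connection rule;
    # with no arguments, no port is reachable from outside.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "$final" 'COMMIT'
}

# Stand-alone demonstration: the "stealth" variant with SSH and SMTP open.
render_ruleset DROP 22 25
```

The output can be syntax-checked without touching the live firewall by piping it into `iptables-restore --test` as root.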