RFE: FireKit

Matthew Woehlke mw_triad at users.sourceforge.net
Fri Jul 24 19:21:40 UTC 2009


Björn Persson wrote:
> Matthew Woehlke wrote:
>> Björn Persson wrote:
>>> Matthew Woehlke wrote:
>>>> an iptables rule
>>>> that allows stuff if there is a socket that will receive it, otherwise
>>>> can drop
>>> Where's the point in that?
>> Stealth? You might as well ask what is the point of using DROP (instead
>> of REJECT) at all. Obviously there is a reason or else it wouldn't exist.
> 
> That's obscurity, not security.

Why is it people seem to have a problem with obscurity *on top of* 
security? What's wrong with making it as hard as possible for the "bad 
guys"?

> If there's a hole in Sendmail for example, 
> then attackers trying to exploit that hole won't start by probing port 26384 
> and then connect to port 25 only if they get an RST packet from port 26384.

...and if I happen to not be running sendmail at the time, my machine 
will appear to not exist, rather than going on the 'try other exploits' 
list. (Especially if I happen to be not running /any/ services at the 
time and am therefore truly stealthy.)

> You're not truly "stealth" unless you drop *all* packets, at which 
> point you can just as well unplug the network cable (or turn WiFi off
> with the kill switch).

Not all packets, just incoming ones that don't belong to established 
connections. (I'll assume we're not talking about a black hat to whose 
server you have explicitly connected.)

Besides, you didn't address the original question: if DROP is as 
non-useful as you claim, why does it exist?

-- 
Matthew
Please do not quote my e-mail address unobfuscated in message bodies.
-- 
"unsubscribe me plz!!" -- Newbies
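The behaviour argued over in this exchange, an iptables INPUT chain that accepts established/related traffic and new connections only to ports that have a listening socket, and drops (or rejects) everything else, as an added example that is not part of the original thread or of any FireKit code: a small Python model of the verdict such a chain gives each packet, and of what a remote TCP probe observes under a DROP versus a REJECT default. The rule lines in the docstring are a constructed illustration of that chain; the set of listening sockets and the probed ports are assumptions chosen to match the ports mentioned in the thread.

```python
"""Model of the stateful-drop policy debated in the thread.

Added example, not code from the thread or from any FireKit/Fedora project.
It does not touch a real netfilter; it only models the verdict of an
INPUT chain shaped like the (constructed) rules below and what a remote
TCP probe would observe under a DROP versus a REJECT default:

    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
    iptables -P INPUT DROP            # or, for the REJECT variant:
                                      # iptables -A INPUT -j REJECT
"""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ACCEPT = "ACCEPT"
    DROP = "DROP"
    REJECT = "REJECT"


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    dport: int
    ctstate: str     # conntrack state: "NEW", "ESTABLISHED" or "RELATED"


def input_verdict(pkt: Packet, listening: set, default: Verdict) -> Verdict:
    """Verdict for one packet.  `listening` is the set of (proto, port)
    pairs that have a socket bound to them (assumed input); `default` is
    what the chain does with anything no earlier rule accepted."""
    if pkt.direction == "out":
        return Verdict.ACCEPT              # OUTPUT chain is left open
    if pkt.ctstate in ("ESTABLISHED", "RELATED"):
        return Verdict.ACCEPT              # replies to connections we opened
    if (pkt.proto, pkt.dport) in listening:
        return Verdict.ACCEPT              # a socket will receive it
    return default


def observed_by_prober(verdict: Verdict) -> str:
    """What a remote host that sent a TCP SYN sees for a given verdict.
    ACCEPT is only reached here when a socket is listening, so it means
    a SYN-ACK came back."""
    return {
        Verdict.ACCEPT: "open",      # SYN-ACK
        Verdict.REJECT: "closed",    # RST (or ICMP unreachable) comes back
        Verdict.DROP: "filtered",    # silence: same as no host being there
    }[verdict]


def probe_summary(listening: set, default: Verdict, ports) -> dict:
    """Map each probed TCP port to what the prober would observe."""
    return {
        port: observed_by_prober(
            input_verdict(Packet("in", "tcp", port, "NEW"), listening, default))
        for port in ports
    }


def host_appears_up(summary: dict) -> bool:
    """The host is visible to the prober if any probe got any answer."""
    return any(v != "filtered" for v in summary.values())


if __name__ == "__main__":
    ports = [22, 25, 26384]          # assumed probe set (25 and 26384 from the thread)
    for default in (Verdict.DROP, Verdict.REJECT):
        for listening in (set(), {("tcp", 25)}):
            s = probe_summary(listening, default, ports)
            print(f"default={default.value:6} listening={sorted(listening)} "
                  f"{s} host_up={host_appears_up(s)}")
```

Running it shows both sides of the argument in one table: with no listeners and a DROP default every probe gets silence, so the host is indistinguishable from an absent one, whereas REJECT answers RST on every port and so confirms a host is present; once something listens on 25, both defaults report that port open, which is the limit of what DROP can hide.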

More information about the fedora-devel-list mailing list