Thu, 2002-05-09 at 17:01, Ramin Alidousti wrote:

> This was a very cool and valid note from Joe.

O.k. The blind man was about to cross the pedestrian crossing. "Excuse
me", he said to the person next to him, "are the lights green or red?"
"I should put it up, yes", said the man next to him, "I think it's going
to rain".

> OK. As long as you don't let anybody in, it's OK. Now, the diff
> between DROP and REJECT (either with ICMP or whatever) is that:
> 
> 1) You'll be exposed to OS fingerprinting.

I'm exposed to it anyway, I can (and do) use nmap, next:

> 2) You'll use up your uplink bandwidth.

Not much, no. Next:

> 3) In some cases, you don't want to be polite and have the client
>    break out of its waiting...

No. Port unreachable is port unreachable, reset is reset. Next:

> 4) I've seen cases in the past that the spoofed syns had caused
>    major traffic on the uplink: syn, reset, icmp(network unreach)
>    are the minimum packet exchange, all on your uplink.

Convincing. But the b*gg*r knows I'm there anyway.

How could he spoof syns? Apart from syn floods from others? What would
he be doing with syns on UDP ports? What about my syn flood rule?

Come off it Ramin, you can do better. I've seen your real venom, "bit
buckets" and such for people who you don't like.

Best,

Tony

-- 

Tony Earnshaw

e-mail:         [EMAIL PROTECTED]
www:            http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telephone:      (+31) (0)172 530428
Mobile:         (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981

