On Thu, May 09, 2002 at 06:54:23PM +0200, Tony Earnshaw wrote:
> Thu, 2002-05-09 at 17:01, Ramin Alidousti wrote:
>
> > This was a very cool and valid note from Joe.
>
> O.k. The blind man was about to cross the pedestrian crossing. "Excuse
> me", he said to the person next to him, "are the lights green or red?"
> "I should put it up, yes", said the man next to him, "I think it's going
> to rain".

I feel so stupid. I don't get it...

> > OK. As long as you don't let anybody in, it's OK. Now, the diff
> > between DROP and REJECT (either with ICMP or whatever) is that:
> >
> > 1) You'll be exposed for OS fingerprinting.
>
> I'm exposed to it anyway, I can (and do) use nmap. Next:

I feel so stupid. I don't get it...

> > 2) You'll use up your uplink bandwidth.
>
> Not much, no. Next:

I feel so stupid. I don't get it...

> > 3) In some cases, you don't want to be polite and have the client
> > break out of its waiting...
>
> No. Port unreachable is port unreachable, reset is reset. Next:

I feel so stupid. I don't get it...

> > 4) I've seen cases in the past where spoofed SYNs caused
> > major traffic on the uplink: SYN, reset, ICMP (network unreachable)
> > are the minimum packet exchange, all on your uplink.
>
> Convincing. But the b*gg*r knows I'm there anyway.

You count too much on this b*gg*r's intelligence. Most of these b*gg*rs
just try a _very_ big range of netblocks without even noticing you and
your existence. You just draw their attention by saying "kookoo, reset
(or whatever), I'm here..."

> How could he spoof SYNs?

I feel so stupid. I don't get it...

> Apart from SYN floods from others?
> What would he be doing with SYNs on UDP ports?

Give an example of UDP (except for DNS and NTP), and hopefully you're not
doing NFS and RPC over the Internet. If so, I again feel so stupid. I
don't get it...

> What about my SYN flood rule?

What about the syn-cookie, the blind man said...

> Come off it Ramin, you can do better. I've seen your real venom, "bit
> buckets" and such for people who you don't like.

You ain't seen nothing yet.

Ramin

> Best,
>
> Tony
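Added example, not from the thread or from either poster: the two INPUT policies the thread argues over written out as iptables rules side by side (silent DROP versus REJECT with tcp-reset / icmp-port-unreachable), plus the SYN-flood rate limit and the SYN-cookie sysctl that the last exchange refers to. It assumes one external interface (eth0, override with WAN=...), that iptables and sysctl are on PATH when APPLY=1, and a hypothetical user chain name SYN_FLOOD; without APPLY=1 it prints the commands instead of running them, so it can be read as a dry run.

```shell
#!/bin/sh
# Added example (not part of the original thread). DROP-vs-REJECT INPUT policies
# for a single uplink interface, plus SYN-flood mitigation. Assumptions: the
# external interface is eth0 unless WAN is set; SYN_FLOOD is a chain name chosen
# here; commands are executed only when APPLY=1, otherwise they are printed.

WAN="${WAN:-eth0}"

# run_or_print CMD...: execute the command when APPLY=1, otherwise echo it.
run_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Silent policy: unsolicited packets from the uplink are dropped. The prober
# sees a timeout, the same as for an unused address, and nothing goes back out
# on the uplink, so a sweep of a large netblock gets no reply from this host.
silent_rules() {
    run_or_print iptables -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run_or_print iptables -A INPUT -i "$WAN" -j DROP
}

# Polite policy: the client's wait is cut short with a TCP RST or an ICMP port
# unreachable. The cost is one reply on the uplink per probe (or per spoofed
# SYN) and a confirmation that a live host answers at this address.
polite_rules() {
    run_or_print iptables -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run_or_print iptables -A INPUT -i "$WAN" -p tcp -j REJECT --reject-with tcp-reset
    run_or_print iptables -A INPUT -i "$WAN" -p udp -j REJECT --reject-with icmp-port-unreachable
    run_or_print iptables -A INPUT -i "$WAN" -j DROP
}

# SYN-flood mitigation: divert new TCP connection attempts into a chain that
# lets through a limited rate and drops the rest, and turn on SYN cookies so a
# flood of spoofed SYNs cannot exhaust the listen backlog. The limit values are
# illustrative; tune them to the host's real connection rate.
syn_flood_rules() {
    run_or_print iptables -N SYN_FLOOD
    run_or_print iptables -A SYN_FLOOD -m limit --limit 10/s --limit-burst 20 -j RETURN
    run_or_print iptables -A SYN_FLOOD -j DROP
    run_or_print iptables -I INPUT 1 -i "$WAN" -p tcp --syn -j SYN_FLOOD
    run_or_print sysctl -w net.ipv4.tcp_syncookies=1
}

# Usage: ./fw.sh silent|polite|synflood   (add APPLY=1 to really load the rules)
case "${1:-}" in
    silent)   silent_rules ;;
    polite)   polite_rules ;;
    synflood) syn_flood_rules ;;
    *)        : ;;   # no argument: just define the functions (file can be sourced)
esac
```

Running `./fw.sh polite` and `./fw.sh silent` back to back shows the whole difference in four lines: the polite set answers every unsolicited TCP or UDP packet from the uplink with a packet of its own, the silent set answers none of them. The syn-cookie sysctl is independent of that choice and is what actually protects the backlog when the rate limit alone is not enough.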
