On Thursday 09 May 2002 5:54 pm, Tony Earnshaw wrote:

> O.k. The blind man was about to cross the pedestrian crossing. "Excuse
> me", he said to the person next to him, "are the lights green or red?"
> "I should put it up, yes", said the man next to him, "I think it's going
> to rain".

Are you making fun of deaf people?

> > 1) You'll be exposed for OS fingerprint.
> I'm exposed to it anyway, I can (and do) use nmap, next:

If you don't respond to the initial connection attempt, then people can't do an OS fingerprint on you. If you do respond (eg with a reset or an ICMP) then they have something to go on.

> How could he spoof syns? Apart from syn floods from others?

Yes, that's what spoofing means - creating packets with someone else's source address in them. Doesn't make them any less unwelcome on your network.

> What would he be doing with syns on UDP ports? What about my syn flood rule?

Er, syn and UDP? There is no syn flag in a UDP header - in fact there are no flags at all in a UDP header. It's got a source & destination port number, a datagram length, and a checksum. That's it.

I still maintain that the best solution is to (a) make your system secure, and then (b) make sure it doesn't give away any more information than it needs to.

If you have an expensive car, you might fit a good immobiliser (if it hasn't already got one), and you'll have to pay a bit more for insurance, but you're still wise to keep it in a garage overnight instead of out on the street for everyone to see, admire, and consider taking away...

Antony.
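Added example (not part of the original thread): a small parser that walks the four fields of a UDP header Antony lists above and verifies the RFC 768 checksum over the IPv4 pseudo-header, so you can see for yourself that there is no flags field to carry a SYN. The addresses, ports and payload are constructed test values.

```python
import struct
from ipaddress import IPv4Address

UDP_HEADER_LEN = 8   # src port, dst port, length, checksum: 4 x 16 bits, no flags
IPPROTO_UDP = 17

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over big-endian 16-bit words."""
    if len(data) % 2:
        data += b"\x00"          # odd length is padded with a zero byte
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header + segment (its own checksum field zeroed)."""
    pseudo = struct.pack("!4s4sBBH", IPv4Address(src_ip).packed,
                         IPv4Address(dst_ip).packed, 0, IPPROTO_UDP, len(segment))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF
    return csum or 0xFFFF        # an all-zero result is sent as 0xFFFF

def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Assemble a UDP segment with a valid checksum (constructed test data)."""
    length = UDP_HEADER_LEN + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, segment)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def parse_udp(src_ip, dst_ip, segment: bytes) -> dict:
    """Decode the header; checksum 0 means 'not computed' and is accepted."""
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    if length != len(segment):
        raise ValueError(f"length field {length} != datagram size {len(segment)}")
    ok = csum == 0 or udp_checksum(src_ip, dst_ip, segment) == csum
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum, "checksum_ok": ok, "payload": segment[UDP_HEADER_LEN:]}

if __name__ == "__main__":
    dgram = build_udp("192.0.2.1", "192.0.2.2", 40000, 53, b"constructed payload")
    print(parse_udp("192.0.2.1", "192.0.2.2", dgram))
```

Flipping any byte of the payload makes checksum_ok come back False, which is the only integrity signal UDP carries.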
