On Sep 28, 2004, at 2:13 AM, Siju George wrote:
I changed the block-policy from return to drop. Now my ports except 113 are showing up as stealthed while twsting from
http://www.grc.com/x/ne.dll?rh1dkyd2
The Port 113 was opened because the PF FAQ asked to open it for SMTP
"Auth/Ident (TCP port 113): used by some services such as SMTP and IRC. ICMP Echo Requests: the ICMP packet type used by ping(8). "
Now ask yourself- what's the point of dropping packets ("woo, I'm in stealth mode, woo..."), when a simple 1-1024 portscan will reveal you thanks to port 113 accepting connections (or sending resets, not sure if your identd is actually running)? Why wouldn't you rather just deny all and avoid behaving like a doof?
-- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net
