Bourque Daniel wrote:

> Normally, you want your FW to be as invisible as possible (black hole) so
> you just drop all incoming packets that are not specifically allowed in by a
> rule.  What you can't see can only be attacked by guessing.  Rejecting gives
> back information to the bad guy...

hmmm....
i think it is a black hole only if it does not respond on any port. that is,
every port is dropped (deny).  of course, in that case, nothing gets through
the network.  if you drop packets on most ports, but allow some in on
others, you are telling the "bad guys" that you are using a firewall
and that you drop packets instead of rejecting them.

if you reject packets, then you might just be a host that does not have
that service running.  in either case, i don't think it is going to make
much of a difference to most "bad guys", since they will just try and
hack you on the ports that are open in any case.

> In the case of an smtp mail server, it's better to reject incoming IDENT
> requests; otherwise, you will have timeout problems with the smtp delivery of
> your mail going out to some servers.

this is true!

> I had heard that it is better to have a 'reject' rule instead of a
> 'deny' one, as reject will give back an immediate reply to the
> interrogator, while just rejecting the query can give you a multitude of
> 'retry', which can eat your bandwidth with lots and lots of retries. If
> possible, can somebody point me to where I can get correct information on
> this (white papers, hints, tips, anything..)
>
> Nick wrote:
>
> > I was under the impression that the "stealth rule" was to have anything
> > going directly to your Firewall dropped, therefore making your FW's
> > address a "black hole".  It never answers anything, except what you
> > specifically allow for management purposes.

--
___cliff [EMAIL PROTECTED] http://www.genwax.com/
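A rule set along the lines of the advice in this thread, as an added example that is not from any of the posters: unsolicited traffic hits a DROP policy, but IDENT (TCP/113) is answered with a TCP reset so a remote SMTP server's ident lookup fails immediately instead of hanging until its connect timeout. It assumes Linux iptables on a host whose only public service is SMTP; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not the original poster's configuration). Assumes Linux
# iptables and a mail server that only offers SMTP to the outside.
# IPT defaults to iptables; set IPT=echo to see the rules without applying them.
IPT="${IPT:-iptables}"

firewall_rules() {
    # Default policy: unsolicited inbound packets are silently dropped.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -F INPUT
    # Loopback and replies to connections this host opened.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The one service this host offers (assumption: it is an SMTP server).
    "$IPT" -A INPUT -p tcp --dport 25 -j ACCEPT
    # IDENT is the deliberate exception to "drop everything": answer with a
    # RST so peers doing an ident lookup during SMTP delivery are not left
    # waiting for a timeout.
    "$IPT" -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    # Anything else falls through to the DROP policy and gets no reply at all.
}

# Count how many rules REJECT rather than DROP; IDENT should be the only one.
count_reject_rules() {
    ( IPT=echo; firewall_rules ) | grep -c -- '-j REJECT'
}
```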