Hello All!

>People who deploy "allow all, filter selected" firewalls are better off with brain surgery, if you ask my
>opinion. Hallelujah!
>Anyone else care to contribute thoughts on this matter ?

In my practice, a host that is dead to the world is alive for IP Spoofing =)

What I have found that seems to help all in all (**MY opinion follows, it is MINE and I do not take any responsibility for what YOU do with it**) is to DROP most ports, TCP-RST a few of the common ports I don't use (53, 8080, etc.), and only allow ICMP-PING.

Yes, it lets a scanner know there is something there, because there is, and regardless of what you do to hide a machine, it's still there. It helps to prevent spoofing that way, and an attacker is going to know there is a firewall there.

Think about it: if an attacker doesn't get in on its own, or easily (worms, automated root-kits, etc.) and they really want to get in, they aren't the normal Script-Kiddie that bounces off my firewalls every day. I guarantee you they will know you are running a firewall regardless of what you do. So who are you hiding it from?

Sal
---------------------------------------------------------------------------
----------------------------------------------------------------------------
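The two policies under discussion, written out as an iptables INPUT chain. This is an added example for this archive page, not the poster's own ruleset: the "allow all, filter selected" function shows the pattern the quoted reply objects to, and the "default deny" function shows the drop-most / RST-a-few / allow-ping stance the post describes. The interface name (eth0), the allowed service ports (22, 443), the anti-spoofing source ranges and the ping rate limit are assumptions chosen for illustration; ports 53 and 8080 are the ones named in the post as unused.

```shell
#!/bin/sh
# Added illustration of the firewall stance in the post above. Not the
# poster's ruleset. WAN_IF, ALLOW_TCP, the anti-spoof ranges and the ping
# rate limit are assumptions for the example; REJECT_TCP holds the two
# ports the post names (53, 8080).
#
# Usage: ./fw.sh           # print the rules that would be applied
#        ./fw.sh --apply   # execute them (needs root and iptables)

WAN_IF="${WAN_IF:-eth0}"            # assumption: Internet-facing interface
ALLOW_TCP="${ALLOW_TCP:-22 443}"    # assumption: services actually offered
REJECT_TCP="${REJECT_TCP:-53 8080}" # unused ports answered with a TCP RST

# Pattern the post argues against: default ACCEPT, then block a chosen few.
# Anything not on the block list (a new daemon, a forgotten test listener)
# is reachable from outside by default.
allow_all_filter_selected() {
    printf '%s\n' \
        "iptables -P INPUT ACCEPT" \
        "iptables -A INPUT -i $WAN_IF -p tcp --dport 23 -j DROP" \
        "iptables -A INPUT -i $WAN_IF -p tcp --dport 111 -j DROP"
}

# Pattern the post recommends: default DROP, explicit allow list, TCP RST on
# a few well-known ports that are not in use, ICMP echo permitted.
default_deny_rules() {
    printf '%s\n' \
        "iptables -P INPUT DROP" \
        "iptables -P FORWARD DROP" \
        "iptables -A INPUT -i lo -j ACCEPT" \
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    # Anti-spoofing on the external interface (assumption: the host is not
    # itself on an RFC 1918 network): loopback and private source addresses
    # have no business arriving from the Internet.
    for net in 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        echo "iptables -A INPUT -i $WAN_IF -s $net -j DROP"
    done
    # Ping is answered, rate-limited. The host is visible, as the post accepts.
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 10/second --limit-burst 20 -j ACCEPT"
    # Services that are really offered: new connections accepted.
    for port in $ALLOW_TCP; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Unused well-known ports: reply with RST instead of silently dropping,
    # so the probe gets an honest "closed" rather than a timeout.
    for port in $REJECT_TCP; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -j REJECT --reject-with tcp-reset"
    done
    # Everything else falls through to the DROP policy: no RST, no ICMP
    # unreachable, the scanner sees only a timeout.
}

# Print by default; execute line by line with --apply.
main() {
    if [ "$1" = "--apply" ]; then
        default_deny_rules | sh -e
    else
        default_deny_rules
    fi
}

main "$@"
```

Before using `--apply` on a real host, set `WAN_IF` to the correct interface and make sure the management port you are connected over is in `ALLOW_TCP`; with a DROP policy and the private-range anti-spoof rules, a wrong interface name or a missing port locks you out. The dry-run default exists so the ruleset can be read and diffed first.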
This archive was generated by hypermail 2b30 : Tue Jul 29 2003 - 09:33:56 PDT