Netfilter/Ipchains best practices -- the stealthing debate. - Page 2

Thread: Netfilter/Ipchains best practices -- the stealthing debate.

  1. #11
    Member
    Join Date
    Oct 2001
    Posts
    88
    imho it is a *very bad idea* to discount the script kid O's. A real hacker may root your box and have a look around or whatever. Script Kiddies are a lot more likely to rm -rf your box or other general mean things. Besides the world is full of lamers and kiddies, and that is reason enough for me to take their actions/attempts seriously.

  2. #12
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Petemcevoy said:
    There is a chance that I'm being presumptuous about your intellectual high ground - I'm in a stinkin mood - if I'm wrong - I apologise.
    No apology needed, and no, I wasn't being condescending. It was an honest question, I'm honestly curious as to how other people approach the subject.

    psi0nic said:
    imho it is a *very bad idea* to discount the script kid O's. A real hacker may root your box and have a look around or whatever. Script Kiddies are a lot more likely to rm -rf your box or other general mean things. Besides the world is full of lamers and kiddies, and that is reason enough for me to take their actions/attempts seriously.
    Don't get me wrong, I'm not discounting them. Indeed, my firewall rules are set up in a very similar way when it comes to pings, blatant portscans, etc. I agree that they represent a major percentage (probably 80-90%) of all malicious traffic on the web, and that that alone is why you should do what you can to stop them.

    The real question I'm asking here is does drop/deny do anything more than reject does?

    I mean, to a point I think a script kiddie would see a drop/deny response and think nothing's there, but a real cracker/hacker could tell that there's a PC there based on the response (or lack thereof).

    REJECT, on the other hand, will tell you that there's definitely a PC there, but that the port isn't open.

    From a strict networking point of view, it's better to simply reject packets than to drop/deny them, but drop/deny will delay a portscan.

    It's a fairly trade-offish issue, which is why I'm curious as to what you guys think.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
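
The two policies weighed in the post above, written out as an iptables ruleset (an added example, not part of the original thread; the allowed port 22 and the script name in the usage comment are assumptions made for illustration):

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the INPUT chain.
# Usage (as root): sh closed-ports.sh reject | iptables-restore
# The single allowed service (TCP 22) is an assumption, not from the thread.

emit_rules() {
    mode=$1
    case "$mode" in
        drop)
            # Silent discard: the sender gets no answer and waits for
            # its own timeout on every closed port.
            tcp_closed='-j DROP'
            udp_closed='-j DROP'
            ;;
        reject)
            # Answer the way a host with no listener would:
            # TCP RST for TCP, ICMP port-unreachable for UDP.
            tcp_closed='-j REJECT --reject-with tcp-reset'
            udp_closed='-j REJECT --reject-with icmp-port-unreachable'
            ;;
        *)
            echo "usage: emit_rules drop|reject" >&2
            return 2
            ;;
    esac

    # A built-in chain's policy can only be ACCEPT or DROP, so REJECT
    # has to be an explicit final rule; anything that is neither TCP
    # nor UDP still falls through to the DROP policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp $tcp_closed
-A INPUT -p udp $udp_closed
COMMIT
EOF
}

# Print the ruleset only when a mode is given on the command line.
if [ "$#" -gt 0 ]; then
    emit_rules "$1"
fi
```

In `reject` mode a closed port answers exactly as an unfiltered host would; in `drop` mode legitimate clients that hit a closed port also wait out their timeout.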
