Re: individual firewalls considered useless (Re: Send local mail - how?)
From: Charles Sullivan (cwsulliv_at_triad.rr.com)
Date: Tue, 25 Jan 2005 13:24:09 GMT
On Mon, 24 Jan 2005 22:31:04 -0800, Keith Keller wrote:
> On 2005-01-24, Charles Sullivan <firstname.lastname@example.org> wrote:
>> In my particular case I have no public services and prefer to
>> appear as invisible as possible to the outside world.
>> But this router I have refuses to stealth the Ident port (113)
>> with its normal firewall rules. (I eventually found out that I
>> could have the router forward the packets to an unused IP address
>> to accomplish this.) So I wonder what other hidden "features"
>> the router might have.
> ''Stealthing'' the ident port on the router won't actually do a
> whole lot except protect the router from potential exploits that
> use that port. If they can ping your IP, you're already visible;
I have ping disabled also.
> being "as visible as possible" is like being a little bit pregnant.
> They know you're there, and they'll try to come and get you.
> And if you're forwarding ports to real machines inside your network,
> dropping port 113 packets won't deter anyone from finding and
> probing the ports you do have open, and probably won't delay them
> very much, either.
I have no public servers. The only open ports I'm aware of are
for DHCP and NTP, and they're restricted to specific IPs.
> I'm not saying that what you did is a bad idea, just don't get
> the idea in your head that somehow attackers see you ''less''
> for having done so. All you've done is protected the router
> from ident attacks.
Someone reading this newsgroup or at a website I've visited would
know there's a computer using my (dynamic) IP. But how would
anyone know whether there is still a live connection?
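Added example, not part of the thread: a small Python probe that shows the three outcomes Keith is distinguishing when checking a port such as ident (113) from outside the router. A dropped ("stealthed") packet produces silence, a closed port produces an RST, and only a truly unassigned address looks like nothing is there. The 1-second timeout and the use of 192.0.2.1 (a TEST-NET-1 documentation address) as the stand-in for a host that never answers are assumptions of this example.

```python
import socket

# "filtered" below is what the thread calls a "stealthed" port: no reply at all.
OPEN, CLOSED, FILTERED, UNREACHABLE = "open", "closed", "filtered", "unreachable"


def probe_tcp(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port by how a single connect() attempt ends:
    open        -> handshake completed (something is listening)
    closed      -> RST came back (a host is clearly there, nothing listens)
    filtered    -> silence until the timeout (packets dropped, "stealthed")
    unreachable -> the local stack would not even send (no route, etc.)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except ConnectionRefusedError:   # checked before OSError: it is a subclass
        return CLOSED
    except socket.timeout:           # likewise an OSError subclass
        return FILTERED
    except OSError:
        return UNREACHABLE


def demo() -> dict:
    """Exercise the cases that work offline: a listening loopback port, a
    closed loopback port, and ident (113) on 192.0.2.1, a TEST-NET-1
    documentation address that is never assigned (assumed here as the
    stand-in for a dropped probe), so it times out or has no route."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)               # the kernel completes handshakes for us
    open_port = listener.getsockname()[1]
    with socket.socket() as spare:   # grab a free port, then release it
        spare.bind(("127.0.0.1", 0))
        closed_port = spare.getsockname()[1]
    try:
        return {
            "open": probe_tcp("127.0.0.1", open_port),
            "closed": probe_tcp("127.0.0.1", closed_port),
            "stealthed": probe_tcp("192.0.2.1", 113),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{label:10s} -> {state}")
```

The point for a home user is that "closed" and "filtered" are both evidence that an address is in use; only a box that answers nothing on any port, including ICMP echo, is indistinguishable from an empty address, and even then the dynamic IP itself is known to anyone you have connected to.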