Re: individual firewalls considered useless (Re: Send local mail - how?)

From: Charles Sullivan (cwsulliv_at_triad.rr.com)
Date: 01/25/05
Date: Tue, 25 Jan 2005 13:24:09 GMT

On Mon, 24 Jan 2005 22:31:04 -0800, Keith Keller wrote:

> On 2005-01-24, Charles Sullivan <cwsulliv@triad.rr.com> wrote:
>> In my particular case I have no public services and prefer to
>> appear as invisible as possible to the outside world.
>> But this router I have refuses to stealth the Ident port (113)
>> with its normal firewall rules. (I eventually found out that I
>> could have the router forward the packets to an unused IP address
>> to accomplish this.) So I wonder what other hidden "features"
>> the router might have.
>
> "Stealthing" the ident port on the router won't actually do a
> whole lot except protect the router from potential exploits that
> use that port. If they can ping your IP, you're already visible;

I have ping disabled also.

> being "as visible as possible" is like being a little bit pregnant.
> They know you're there, and they'll try to come and get you.
> And if you're forwarding ports to real machines inside your network,
> dropping port 113 packets won't deter anyone from finding and
> probing the ports you do have open, and probably won't delay them
> very much, either.

I have no public servers. The only open ports I'm aware of are
for DHCP and NTP, and they're restricted to specific IPs.
 
> I'm not saying that what you did is a bad idea, just don't get
> the idea in your head that somehow attackers see you "less"
> for having done so. All you've done is protected the router
> from ident attacks.

Someone reading this newsgroup or at a website I've visited would
know there's a computer using my (dynamic) IP. But how would
anyone know whether there is still a live connection?

Regards,
Charles Sullivan