On Mon, 9 April 2001 21:40, Jim Breton wrote:
> On Mon, Apr 09, 2001 at 03:20:00PM -0400, Noah L. Meyerhans wrote:
> > Ask yourself this: *Why* should ICMP be filtered? What are you gaining?
> > Do you sleep better at night knowing that your machine won't respond to
> > pings? It really doesn't make you any safer.
>
> What are you gaining by responding to them?

RFC compliancy isn't enough? IMHO should be.

> A decent policy is to drop everything you don't need to respond to.

Breaking everything you do not need to work isn't decent. Someone else might need.

> You do gain some "security through obscurity." Depending on how much

"security through obscurity." = "false feeling of security" :-)

> you value this contributes to your subsequent choice.
>
> For instance, many script kiddies will not scan your entire box if you
> are undetected by a ping sweep. Granted, if you have other
> vulnerabilities that you are hiding then you have bigger problems. But
> it can buy you some time at least.

Script kiddie scanning your entire box won't hurt you much.

--
Regards,
Vaclav Hula [EMAIL PROTECTED]
Capitol Internet Publisher, Korunovacni 6, 170 00 Prague 7, Czech Republic
tel.: ++420 2 3337 1113, fax: ++420 2 3337 1112