Mike McClain <mike.j...@nethere.com> wrote:

> On Wed, Jul 30, 2014 at 01:09:24AM +0200, Pascal Hambourg wrote:
> <snip>
>> You can safely ignore that "stealth" FUD.
>
> block:REJECT::Stealth:DROP
>
> Why do you say it can be ignored?

If I try to connect to a system on (for example) IP 192.168.40.60 and port 80 and there is no system with that IP, the router for the network will tell me via an "ICMP host unreachable" package.

When my request just "vanishes" and I get no response back, I will suspect that there is indeed a device at that IP which tries to be in "stealth" mode.

The only way to be really stealthy and hide one's network existence is to configure the router _before_ your device to reject the packages with the correct ICMP. Doing this on the device you want to stealth is futile.

And it will increase the traffic you receive, because normal TCP stacks will assume a lost package and retry sending it multiple times. If your device just RSTs the connection or sends an "ICMP admin prohibited", then the sending device will know what to do and stop trying to resend.

Summary: DROP does not do what you think it does.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.

Archive: https://lists.debian.org/aasdo1h96...@mids.svenhartge.de
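The two effects Sven describes (silence is distinguishable from "no such host", and a DROPped SYN makes the client retransmit for a long time) can be made concrete with a small model. The following Python is an added example, not code from the thread or from any Debian project. It is a constructed model of a TCP client's connect attempt: the retry parameters are the Linux defaults documented in tcp(7) (`tcp_syn_retries` = 6, initial retransmission timeout of 1 s with exponential backoff, giving up after roughly 127 s); the policy names and the `infer_from_reply` wording are this example's own.

```python
"""Constructed model of a TCP client facing DROP versus REJECT.

Added example, not from the mailing-list thread. Retry parameters are the
Linux defaults from tcp(7): tcp_syn_retries=6, initial RTO 1 s, doubling
on every retransmission. Everything else is a toy model for illustration.
"""
from dataclasses import dataclass


@dataclass
class Outcome:
    policy: str
    syns_sent: int                    # packets the "stealth" host receives
    replies_received: int             # packets the client gets back
    seconds_until_client_gives_up: int
    client_error: str                 # what the application sees from connect()


def simulate_connect(policy: str, syn_retries: int = 6, initial_rto: int = 1) -> Outcome:
    """Model one connect() to a filtered port under the given firewall policy."""
    if policy == "DROP":
        # No answer at all. The client cannot tell a filter from a lost
        # packet, so it keeps retransmitting the SYN with exponential
        # backoff until the retry budget is exhausted, then times out.
        syns = 1 + syn_retries
        rto = initial_rto
        elapsed = 0
        for _ in range(syns):
            elapsed += rto            # wait one RTO for an answer that never comes
            rto *= 2                  # back off before the next SYN
        return Outcome(policy, syns, 0, elapsed, "ETIMEDOUT")
    if policy == "REJECT":
        # A TCP RST or an ICMP admin-prohibited answers the very first SYN,
        # so the client stops immediately and reports a refusal.
        return Outcome(policy, 1, 1, 0, "ECONNREFUSED")
    raise ValueError(f"unknown policy: {policy}")


def infer_from_reply(reply: str) -> str:
    """What a remote observer learns from the answer (or lack of one).

    `reply` is a constructed label for the packet that came back, if any.
    """
    if reply == "":
        # Silence is not what an empty address produces; the router would
        # have answered. So something live is swallowing the packets.
        return "no reply: a live device is probably filtering this address"
    if reply == "icmp-host-unreachable":
        return "router reports nothing at that address"
    if reply in ("tcp-rst", "icmp-admin-prohibited"):
        return "device answered: it exists, port closed or access blocked"
    raise ValueError(f"unknown reply: {reply}")


if __name__ == "__main__":
    for policy in ("DROP", "REJECT"):
        print(simulate_connect(policy))
    for reply in ("", "icmp-host-unreachable", "tcp-rst"):
        print(repr(reply), "->", infer_from_reply(reply))
```

The model makes the trade-off visible: the DROPping host receives seven SYNs and keeps the client waiting about two minutes, whereas REJECT costs one SYN and one reply, and in neither case does the observer conclude that the address is empty.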