On Mon, Apr 30, 2007 at 09:35:02AM +0930, Adam Hawes wrote:
> > I find 'return' to be easier to work with. The LAN I am primarily
> > thinking about is both infested with Windows and accessible via VPN -
> > and the VPN has some Windows clients. Considering the people on said
> > LAN, who are both sweet and smart but not in general
> > computer-savvy, I'd
> > be highly surprised if an attacker spent much time on the firewall.
>
> Windows... This "stealth" mode you talk of, wasn't it a term coined by
> the irrefutable GRC in his quest to rub snake oil all over everything
> so it runs faster? I only ever hear users of the EvilOS talking about
> "stealthing" their boxes.
>
> Not replying may save a little bit of upload bandwitdh which may count
> if you're heavily scanned and have an asymmetric link with little
> outgoing bandwidth... but that is about all.
You seem to be confusing me with the OP, but yes. At least, the term
'stealth' is only used for and by Windows firewalls.
Then again, it's at least somewhat useful against the simpler worms out
there, so it might even make sense on a Windows box. (Not as much sense
as actually setting it up in a sane way, of course - but that takes some
effort and actual knowledge.)
Your point about limited upload bandwidth is correct, but mostly
irrelevant - if some skiddie wants to DDoS you, you *will* drop off the
net unless you have a very fast connection, upstream cooperation and/or
good hardware (and even then...).
Joachim
--
TFMotD: write (1) - send a message to another user
