At 09:54 AM 09/07/2000 -0400, Michael W. Burden wrote:
>I was reading about another firewall, and the article was mentioning
>the way that firewall handles the AUTH port (113).
>
>Essentially, an external host could only query AUTH if it already had
>an open connection. Otherwise, the firewall didn't respond at all to
>an AUTH request.
>
>I was thinking that if this could be combined with the way that GNATBox
>already handles AUTH (by responding, "hidden-user"), there would be two
>advantages:
>1. We wouldn't have to deal with some newbie asking "Why is my port 113
>   showing as open on a scan?" every month.
>2. A network that provides no services and is protected by a GNAT Box
>   could be completely invisible to a scan. Since the AUTH port wouldn't
>   respond to a scan (since the scanner wouldn't have an open connection),
>   there would be nothing to indicate to the scanner that there was even
>   a host at the address being scanned.

this sounds good to me...
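
The combined behaviour proposed in the quoted message, modelled as an added example that is not part of the original posts and is not GNAT Box code. The state table, function names and addresses are constructed for illustration; the query and reply formats follow RFC 1413.

```python
import re

# Constructed state table: (local_port, remote_ip, remote_port) for each
# established connection as seen on the firewall's external interface.
STATE_TABLE = {
    (6191, "192.0.2.25", 25),   # outbound SMTP session
    (6204, "192.0.2.80", 21),   # outbound FTP control session
}

# RFC 1413 query: "<port-on-server> , <port-on-client>" terminated by CR LF.
QUERY_RE = re.compile(rb"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")


def admit_syn(peer_ip, table):
    """SYN-time decision for TCP/113: accept only peers we already talk to."""
    return any(remote_ip == peer_ip for _, remote_ip, _ in table)


def answer_query(raw, peer_ip, table):
    """Return the reply bytes for an ident query, or None to send nothing."""
    if not admit_syn(peer_ip, table):
        return None  # SYN dropped: a scanner gets neither SYN/ACK nor RST
    m = QUERY_RE.fullmatch(raw)
    if m is None:
        return None  # malformed query: close without answering
    local_port, remote_port = int(m.group(1)), int(m.group(2))
    if not (1 <= local_port <= 65535 and 1 <= remote_port <= 65535):
        return b"%d, %d : ERROR : INVALID-PORT\r\n" % (local_port, remote_port)
    if (local_port, peer_ip, remote_port) in table:
        # The connection exists, but the internal user name is never disclosed.
        return b"%d, %d : USERID : UNIX : hidden-user\r\n" % (local_port, remote_port)
    return b"%d, %d : ERROR : NO-USER\r\n" % (local_port, remote_port)


if __name__ == "__main__":
    for ip, query in [("192.0.2.25", b"6191, 25\r\n"),     # known peer, real session
                      ("192.0.2.25", b"1234, 25\r\n"),     # known peer, no such session
                      ("198.51.100.7", b"6191, 25\r\n")]:  # peer with no open connection
        print(ip, query, "->", answer_query(query, ip, STATE_TABLE))
```
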
