I was reading about another firewall, and the article was mentioning
the way that firewall handles the AUTH port (113).

Essentially, an external host could only query AUTH if it already had
an open connection.  Otherwise, the firewall didn't respond at all to
an AUTH request.

I was thinking that if this could be combined with the way that GNATBox
already handles AUTH (by responding, "hidden-user"), there would be two
advantages:
1.  We wouldn't have to deal with some newbie asking "Why is my port 113
    showing as open on a scan?" every month.
2.  A network that provides no services and is protected by a GNAT Box
    could be completely invisible to a scan.  Since the AUTH port wouldn't
    respond to a scan (since the scanner wouldn't have an open connection),
    there would be nothing to indicate to the scanner that there was even
    a host at the address being scanned.

Anyone who actively participates in this group will probably agree with me
that advantage #1 alone would be more than worth it  :)


Mike Burden
Lynk Systems
(616)532-4985
[EMAIL PROTECTED]
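
The behaviour proposed in the message above, as an added sketch that is not part of the original post and is not GNAT Box code: a SYN to port 113 is silently dropped unless the source already has an open connection in the firewall's state table, and only then is the query answered with "hidden-user". The `Conn` table, the function names, the sample addresses and the exact RFC 1413 reply layout are assumptions made for illustration.

```python
# Added illustration: names and sample data are constructed, not GNAT Box code.
from typing import NamedTuple, Optional, Set

class Conn(NamedTuple):
    local_port: int   # source port on the firewall's external address
    remote_ip: str    # external host the inside client connected to
    remote_port: int  # service port on that external host

# Constructed state table: one outbound SMTP session through the firewall.
STATE: Set[Conn] = {Conn(6191, "192.0.2.25", 25)}

def handle_syn_113(src_ip: str, state: Set[Conn]) -> str:
    """Verdict for a SYN to TCP/113 arriving on the external interface."""
    if any(c.remote_ip == src_ip for c in state):
        return "ACCEPT"  # host already has an open connection with us
    return "DROP"        # silent: no SYN/ACK and no RST for a scanner to see

def answer_ident(src_ip: str, query: str, state: Set[Conn]) -> Optional[str]:
    """Answer an RFC 1413 query of the form '<port-on-server> , <port-on-client>'."""
    try:
        local_s, remote_s = query.strip().split(",")
        local_port, remote_port = int(local_s), int(remote_s)
    except ValueError:
        return None  # malformed query: close without replying
    pair = f"{local_port}, {remote_port}"
    if not (1 <= local_port <= 65535 and 1 <= remote_port <= 65535):
        return f"{pair} : ERROR : INVALID-PORT\r\n"
    if Conn(local_port, src_ip, remote_port) in state:
        return f"{pair} : USERID : OTHER : hidden-user\r\n"
    return f"{pair} : ERROR : NO-USER\r\n"

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7"):  # mail server, then a scanner
        print(ip, handle_syn_113(ip, STATE))
    print(answer_ident("192.0.2.25", "6191 , 25", STATE))
```
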

