on 28/9/04 12:16 pm, Siju George at [EMAIL PROTECTED] wrote:

> Hi Jason!
> 
> Thanks for the reply!
> 
> But if I can get port 113 also in adaptive stealth mode like Zonealarm
> did then it would be better isn't it?

If you're just trying to hide, then no. Personally I send RSTs on blocked
ports, partly because I think it's more polite, but also because "filtered"
ports show there's a firewall in the way, whereas RSTs could come from a
firewall or a host.

As someone said, the only advantage to a "drop" policy is it slows down
portscans, but that's irrelevant if we're talking about just one port.

Although Zonealarm's explanation was a bit hazy, it sounds as if it simply
drops the packet if there's no state associated with the remote server,
which is easy to do with pf (just accept packets with "keep state flags
S/SAFR" and then block anything else on port 113). If Zonealarm's not using
states, how else can it know if there's an "existing relationship" with the
remote server...?

Oliver.


-- 
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444

E-mails received are assumed to be for my attention, to do with as I wish.
No responsibility is accepted if communications are sent to me in error.
This disclaimer has as much legal status as yours.
