Re: ipchains rules: REJECT vs. DENY

2001-07-31 Thread Karsten M. Self
on Wed, Jul 25, 2001 at 02:32:51PM -0400, Noah Meyerhans ([EMAIL PROTECTED]) wrote: On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote: Are there any drawbacks to DENY? Is there a general consensus on this subject? In general, DENY is good because it does just what your

Re: ipchains rules: REJECT vs. DENY

2001-07-31 Thread Robert Waldner
On Tue, 31 Jul 2001 12:14:20 PDT, Karsten M. Self writes: On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote: Are there any drawbacks to DENY? Is there a general consensus on this subject? The benefits are twofold: - For a two-stage scan, DENY gives the appearance of an

Re: ipchains rules: REJECT vs. DENY

2001-07-26 Thread Robert Waldner
On Wed, 25 Jul 2001 17:12:22 PDT, Alvin Oga writes: Moral of that story is to make sure that you either run an ident server, or set it to REJECT. Well, I wouldn't (and don't) run identd, since I have no intention of revealing the name of the user running a particular service (in if one

ipchains rules: REJECT vs. DENY

2001-07-25 Thread Matthew Thompson
Greetings, all, Just looking for some opinions/feedback from y'all. I'm responsible for a few servers that are connected to the internet. They are all running 2.2.19 kernels with ipchains. Ports are open for apache, ftp, smtp, ssh and imap, but all others are closed with a policy of REJECT. I

Re: ipchains rules: REJECT vs. DENY

2001-07-25 Thread Jason Healy
At 996072286s since epoch (07/25/01 12:44:46 -0400 UTC), Matthew Thompson wrote: I was talking with a friend of mine who said it's better to have a policy of DENY since that doesn't return any information and if someone is trying to attack the machine on a closed port, it will take much longer

Re: ipchains rules: REJECT vs. DENY

2001-07-25 Thread Noah Meyerhans
On Wed, Jul 25, 2001 at 01:38:19PM -0400, Jason Healy wrote: Are there any drawbacks to DENY? Is there a general consensus on this subject? In general, DENY is good because it does just what your friend says. This also makes things like portscans more difficult, as they take longer to

Re: ipchains rules: REJECT vs. DENY

2001-07-25 Thread Jason Healy
At 996089571s since epoch (07/25/01 14:32:51 -0400 UTC), Noah Meyerhans wrote: There's definitely no consensus on this; it's largely a matter of personal taste. I definitely agree there. I don't see how making portscans take longer equates to making them more difficult to perform, as you

Re: ipchains rules: REJECT vs. DENY

2001-07-25 Thread Robert Waldner
On Wed, 25 Jul 2001 13:38:19 EDT, Jason Healy writes: DENY vs. REJECT The other problem is that if you DENY certain oft-used services, you can cause problems. For example, if you DENY on the ident service port, machines trying to connect to you will timeout waiting for ident info. Some mail

Re: ipchains rules: REJECT vs. DENY

2001-07-25 Thread Alvin Oga
hi ya Moral of that story is to make sure that you either run an ident server, or set it to REJECT. Well, I wouldn't (and don't) run identd, since I have no intention of revealing the name of the user running a particular service (in if one runs identd... any incoming email address to