Re: pf - drop or return - is stealth mode overrated?

2007-05-03 Thread Henning Brauer
* Kian Mohageri [EMAIL PROTECTED] [2007-05-02 21:52]: Henning Brauer wrote: * Chris Smith [EMAIL PROTECTED] [2007-04-25 00:42]: Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode

Re: pf - drop or return - is stealth mode overrated?

2007-05-02 Thread Henning Brauer
* Chris Smith [EMAIL PROTECTED] [2007-04-25 00:42]: Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read that using 'return'

Re: pf - drop or return - is stealth mode overrated?

2007-05-02 Thread Kian Mohageri
Henning Brauer wrote: * Chris Smith [EMAIL PROTECTED] [2007-04-25 00:42]: Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also

Re: pf - drop or return - is stealth mode overrated?

2007-05-02 Thread Josh Archambault
* Chris Smith [EMAIL PROTECTED] [2007-04-25 00:42]: Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read that using 'return'

Re: pf - drop or return - is stealth mode overrated?

2007-05-02 Thread Han Boetes
Kian Mohageri wrote: For my clarification, are we talking about stealth mode as in dropping everything (including pings) from untrusted hosts, or the default block-policy (drop vs. return)? The only time when `dropping everything' is useful is when you are under a ddos to prevent load on the

Re: pf - drop or return - is stealth mode overrated?

2007-05-02 Thread steve szmidt
On Tuesday 24 April 2007 18:36, Chris Smith wrote: Hello, Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read that using

Re: pf - drop or return - is stealth mode overrated?

2007-04-30 Thread Joachim Schipper
On Mon, Apr 30, 2007 at 09:35:02AM +0930, Adam Hawes wrote: I find 'return' to be easier to work with. The LAN I am primarily thinking about is both infested with Windows and accessible via VPN - and the VPN has some Windows clients. Considering the people on said LAN, who are both sweet

Re: pf - drop or return - is stealth mode overrated?

2007-04-29 Thread Adam Hawes
I find 'return' to be easier to work with. The LAN I am primarily thinking about is both infested with Windows and accessible via VPN - and the VPN has some Windows clients. Considering the people on said LAN, who are both sweet and smart but not in general computer-savvy, I'd be highly

Re: pf - drop or return - is stealth mode overrated?

2007-04-25 Thread Joachim Schipper
On Tue, Apr 24, 2007 at 06:36:17PM -0400, Chris Smith wrote: Hello, Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read

pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Chris Smith
Hello, Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read that using 'return' instead of 'drop' is good netizenship. So I'm

Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Darren Spruell
On 4/24/07, Chris Smith [EMAIL PROTECTED] wrote: Hello, Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read that using 'return'

Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Kian Mohageri
On 4/24/07, Chris Smith [EMAIL PROTECTED] wrote: Hello, Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read that using

Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Marco S Hyman
Kian Mohageri writes:
> I see no reason a host should receive any response at all when it is trying to talk to a host that doesn't exist or a port that isn't actually listening.
Traceroute.
// marc

Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Travers Buda
On 4/24/07, Chris Smith [EMAIL PROTECTED] wrote: Hello, Using openbsd as a firewall in several cases - a few small businesses, and also for home use. Some websites, such as grc.com, stress that stealth mode (which openbsd handles with ease) is the safest. But I've also read that

Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Lars Hansson
Kian Mohageri wrote:
> I could argue either way, but my preference is 'block drop' most of the time.
Hopefully most of the time does not include ICMP.
--- Lars Hansson

Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Travers Buda
* Lars Hansson [EMAIL PROTECTED] [2007-04-25 11:20:43]: Kian Mohageri wrote: I could argue either way, but my preference is 'block drop' most of the time. Hopefully most of the time does not include ICMP. Yeah, wouldn't want to violate RFC 1122. ICMP is a Good Thing. $ ping machine is

Re: pf - drop or return - is stealth mode overrated?

2007-04-24 Thread Kian Mohageri
On 4/24/07, Lars Hansson [EMAIL PROTECTED] wrote:
> Kian Mohageri wrote:
>> I could argue either way, but my preference is 'block drop' most of the time.
> Hopefully most of the time does not include ICMP.
It doesn't.
-- Kian Mohageri