Glenn English wrote:
> On Dec 5, 2009, at 5:57 AM, Matt Nordhoff wrote:
>
> All traffic to any service not offered publicly somewhere on my network is
> dropped without further comment at the border router. You guys seem to be not
> doing that.
>
> Am I wrong in that (IYHO :-)
>

You're kinda incorrect. I'm not one of the crazy people that has RFC documents memorized, but the one for TCP/IP states that if a network node (computer, server, endpoint router, etc.) receives data on a port it doesn't have a service running on, it should reply back with an ICMP Unavailable (I think) message to indicate that port is closed for connections.

Dropping packets that come in on unknown ports (called Stealthing) is actually against the official RFC. But it's done for security. For example, if you don't run any services at home, a port scan on the router would come up blank, like you don't even exist on the internet.

Still, current routers default to dropping all packets silently, which is what security-conscious people want.
