Date: Wed, 09 Jul 2003 06:54:59 -0300 From: "Daniel C. Sobral" <dcs@newsguy.com> To: Socketd <db@traceroute.dk> Cc: hackers@freebsd.org Subject: Re: 5 "Advanced" networking questions Message-ID: <3F0BE673.10809@newsguy.com> In-Reply-To: <20030709102433.0d510abc.db@traceroute.dk> References: <20030707012205.3103dfc8.db@traceroute.dk> <20030707153314.GA1695@webboy.soth.at> <20030707180252.44036c61.db@traceroute.dk> <3F0A9A1C.25E6EB35@mindspring.com> <20030708131339.16da151f.db@traceroute.dk> <3F0AA830.9A82CB37@mindspring.com> <20030708140012.0fd685c8.db@traceroute.dk> <3F0BAD5C.65895290@mindspring.com> <20030709102433.0d510abc.db@traceroute.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Socketd wrote: > On Tue, 08 Jul 2003 22:51:24 -0700 > Terry Lambert <tlambert2@mindspring.com> wrote: > > >>>Hmm, why not just use a firewall? >> >>Because most firewalls, even commercial ones, don't block the >>ICMP messages you appear to be interested in blocking. >> >>You appeared to want to turn your FreeBSD box into what's >>normally called a "stealth" system: one that doesn't respond >>at all to external probe attempts. So it looked like you >>were trying to *write* a firewall, or at least find a set >>of rules that would let your FreeBSD box act as a "stealth" >>one. > > > I am mainly trying to hide my firewall/gateway and logserver. > Thank you for your reply, I'll go read a little :-) Err... contrary to what Terry says, there is an option that prevents FreeBSD from decreasing TTL, thereby making it stealth. -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org capo@professional.bsdconspiracy.net Spellng is overated anywy.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F0BE673.10809>