mobility and firewall
Ivan Krstic
krstic at hcs.harvard.edu
Fri Jun 3 22:17:10 CDT 2005
Lance Lassetter wrote:
> This is really simple and doesn't bind to any interface. I've tried
> some new connect nmap scans on something similar to this and it did seem
> to help to have something like this in place. Notice there are no
> chains or the like, trying to keep it as simple as possible.
The rule-by-rule explanation of the ruleset was unnecessary; it did not
answer almost any of the questions I asked. My point is that the ruleset
that you propose will *not* mitigate virtually any exploit you can find
floating around, and as such is essentially useless. If you insist that
defending against nmap connect scans is a worthwhile goal, then we may
simply agree to disagree, but I don't expect you'll find many people who
share your opinion.
-IK
More information about the ubuntu-devel mailing list