mobility and firewall

Lance Lassetter lance at uclinux.info
Fri Jun 3 22:24:25 CDT 2005


On Sat, 2005-06-04 at 05:17 +0200, Ivan Krstic wrote:
> Lance Lassetter wrote:
> > This is really simple and doesn't bind to any interface.  I've tried
> > some new connect nmap scans on something similar to this and it did seem
> > to help to have something like this in place.  Notice there are no
> > chains or the like, trying to keep it as simple as possible.
> 
> The rule-by-rule explanation of the ruleset was unnecessary; it did not
> answer almost any of the questions I asked. My point is that the ruleset
> that you propose will *not* mitigate virtually any exploit you can find
> floating around, and as such is essentially useless. If you insist that
> defending against nmap connect scans is a worthwhile goal, then we may
> simply agree to disagree, but I don't expect you'll find many people who
> share your opinion.
> 
> -IK
> 

If you don't think portscans are relevant today to find weaknesses in
systems, I don't know what the hell planet you're from.

Lance(stuNNed)




More information about the ubuntu-devel mailing list