Date: 12 Jan 2002 16:32:52 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Lamont Granquist <lamont@scriptkiddie.org> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, "Tim J. Robbins" <tim@robbins.dropbear.id.au>, <freebsd-security@FreeBSD.ORG> Subject: Re: options TCP_DROP_SYNFIN Message-ID: <xzpy9j3d1p7.fsf@flood.ping.uio.no> In-Reply-To: <20011217203955.K4651-100000@coredump.scriptkiddie.org> References: <20011217203955.K4651-100000@coredump.scriptkiddie.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Lamont Granquist <lamont@scriptkiddie.org> writes: > Anyway, more to the point of the original poster, if you're turning on > TCP_DROP_SYNFIN in order to block nmap host identification, you really > have too much free time on your hands. Most attackers are driven not by > which hosts they want to exploit but which exploits they have to use. > They tend to scan large blocks of addresses with automated attack tools > which don't bother to do any osdetection and just look for the service, > attempt to exploit it and return if the exploit was successful or not. You've never run an IRC server, have you? DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpy9j3d1p7.fsf>