From owner-freebsd-security Sat Jan 12 7:32:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id A031637B402 for ; Sat, 12 Jan 2002 07:32:54 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 5FF8714C53; Sat, 12 Jan 2002 16:32:53 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Lamont Granquist Cc: Garrett Wollman , "Tim J. Robbins" , Subject: Re: options TCP_DROP_SYNFIN References: <20011217203955.K4651-100000@coredump.scriptkiddie.org> From: Dag-Erling Smorgrav Date: 12 Jan 2002 16:32:52 +0100 In-Reply-To: <20011217203955.K4651-100000@coredump.scriptkiddie.org> Message-ID: Lines: 14 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Lamont Granquist writes: > Anyway, more to the point of the original poster, if you're turning on > TCP_DROP_SYNFIN in order to block nmap host identification, you really > have too much free time on your hands. Most attackers are driven not by > which hosts they want to exploit but which exploits they have to use. > They tend to scan large blocks of addresses with automated attack tools > which don't bother to do any osdetection and just look for the service, > attempt to exploit it and return if the exploit was successful or not. You've never run an IRC server, have you? DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message