From: "Matt Crawford"
To: current@FreeBSD.ORG
Subject: Re: Dropping connections without RST
In-reply-to: Your message of Mon, 16 Aug 1999 20:37:09 PDT.
             <199908170337.UAA10246@gndrsh.dnsmgr.net>
Date: Tue, 17 Aug 1999 09:17:11 -0500
Message-Id: <199908171417.JAA02482@gungnir.fnal.gov>

I see no point in the proposed mechanism. The scanner can still tell
the difference between a port with a listener and a port with none.
The only case in which the attacker is confounded would be in
distinguishing a box which is down or off the net from a box which has
*no* services and does not answer ping. I call that an uninteresting
case.

In the endless volley between attacker and defender, this would be a
very feeble shot indeed.
______________________________________________________________________________
Matt Crawford          crawdad@fnal.gov          Fermilab
"A5.1.5.2.7.1. Remove all classified and CCI boards from the COMSEC
equipment, thoroughly smash them with a hammer or an ax, and scatter
the pieces."