Date: Thu, 17 Feb 2000 11:27:00 -0800 From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> To: "Daniel C. Sobral" <dcs@newsguy.com> Cc: "Jordan K. Hubbard" <jkh@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc hosts.allow Message-ID: <755.950815620@zippy.cdrom.com> In-Reply-To: Your message of "Fri, 18 Feb 2000 04:22:27 %2B0900." <38AC4A73.DB68EB72@newsguy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Isn't silently dropping packets a much more efficient way of dealing > with attacks such as port scans, which are the ones most likely to > trigger hosts.allow rules? Perhaps, but I fail to see what this has to do with wrapper rules since whether the packet is "dropped" isn't up to the port listener (tcpd) anyway - by that time, it's far too late to drop anything. If you want to protect against port scans, learn to use ipfw or ipfilter. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?755.950815620>