[wplug] users sending to wrong email address
Christopher DeMarco
demarco at maya.com
Thu Jan 3 11:52:39 EST 2008
On Thu, Jan 03, 2008 at 11:40:53AM -0500, Bill Moran wrote:
> of people setting up packet dropping firewalls all over the internet.
> TCP connections to closed ports should return RST. Sysadmins who don't
Uh, except that an RST is positive confirmation that *something* is
alive at that port. Dropping the packet provides no information about
whether the port is alive. RST means "no SYN/ACK"; "nothing" means
"no SYN/ACK *arrived*". Big difference.
Nmap, for example, has a discrete state of "filtered", which means
that it *can't tell* whether the port is open or closed. Some people
find this uncertainty useful -- sending RST tells an attacker that
there's definitely something there and that it doesn't want to talk;
silently doing nothing creates uncertainty.
--
Christopher DeMarco <demarco at maya.com>
Information Technology Supervisor
MAYA Group
+1-412-488-2900
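The three outcomes Christopher describes (SYN/ACK back, RST back, nothing back) are exactly what a plain TCP connect() attempt surfaces to the caller, which is how a defender can check what their own host or firewall reveals to a probe. The following is an added example, not code from the original thread: it maps connect() results onto Nmap's "open", "closed" and "filtered" states and demonstrates the first two against loopback, where a bound listener yields "open" and the same port after the listener is gone yields an RST and therefore "closed". The function names and the 2-second timeout are my own choices; "filtered" cannot be produced on loopback because nothing drops packets there, so it is only reachable through a timeout or an ICMP unreachable from a real dropping firewall.

```python
import socket
from typing import Optional, Tuple

# Nmap's three connect-scan states, as described in the post above.
OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def classify_probe_result(exc: Optional[OSError]) -> str:
    """Map the outcome of a TCP connect() attempt onto an Nmap-style state.

    exc is None               -> SYN/ACK came back            -> "open"
    ConnectionRefusedError    -> an RST came back             -> "closed"
                                 (positive confirmation that something is alive)
    TimeoutError / timeout    -> nothing came back at all     -> "filtered"
                                 (cannot tell open from closed)
    other OSError             -> e.g. ICMP unreachable        -> "filtered"
                                 (Nmap also reports these as filtered)
    """
    if exc is None:
        return OPEN
    if isinstance(exc, ConnectionRefusedError):
        return CLOSED
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return FILTERED
    return FILTERED


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt one full TCP connect and report what the far end revealed.

    Assumed helper for checking your own hosts; the timeout is the only
    knob, and a silent drop is what makes it expire.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify_probe_result(None)
    except OSError as exc:
        return classify_probe_result(exc)
    finally:
        sock.close()


def demo_on_loopback() -> Tuple[str, str]:
    """Produce 'open' then 'closed' against 127.0.0.1, entirely offline.

    Binds a listener on an ephemeral port (open), probes it, closes the
    listener so the kernel answers the next SYN with RST (closed), and
    probes again. Returns (state_while_listening, state_after_close).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the kernel pick
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_port("127.0.0.1", port)
    listener.close()
    after_close = probe_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_on_loopback())   # expected: ('open', 'closed')
```

The point the post makes shows up in the exception types: ConnectionRefusedError is a reply, and a reply is information, while a timeout carries none. A host behind a DROP rule and a host that simply is not there look identical to probe_port.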