Re: [Patch] IPv4 TCP security impovement

David Lang (dlang@diginsite.com)
Sun, 10 Jan 1999 20:27:04 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: joe@test.com: "MAKE MONEY WHILE YOU SLEEP"
Previous message: Andy Carlson: "Re: ncr53c8xx still doesn't work !!!"

-----BEGIN PGP SIGNED MESSAGE-----

I have not been paying to much attention to this thread so my apoligies if
I am misunderstandiing this.

the origional proposal was to make ports that are not listened to return
nothing and log the attempt instead of returning a reset. As you mention
this is a firewall function. Can the ipchains do this or does this need to
ba added?

David Lang

"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)

On Sun, 10 Jan 1999, Savochkin Andrey Vladimirovich wrote:

> Date: Sun, 10 Jan 1999 18:36:01 +0300
> From: Savochkin Andrey Vladimirovich <saw@msu.ru>
> To: Andi Kleen <ak@muc.de>, Joachim Baran <jbaran@hildesheim.sgh-net.de>
> Cc: linux-kernel@vger.rutgers.edu
> Subject: Re: [Patch] IPv4 TCP security impovement
>
> On Sat, Jan 09, 1999 at 01:53:53AM +0100, Andi Kleen wrote:
> [...]
> > The patch is not suitable for kernel inclusion IMHO.
>
> I agree. ACK+RST replies were invented for good reasons.
>
> If somebody wants to hide which ports are open
> he should better configure a firewall.
>
> Regards
> Andrey V.
> Savochkin
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQEVAwUBNpl9nD7msCGEppcbAQHGKAf/SR0ZGDGDKKJNx47Ov+TOI6RyH67fXHaA
lwM9vfZ7hfQrSwnGWCazZh1yxKCGmRwoQn80vfBQnSggr5PYAzTHzKWJl6ex6GDp
tZTWG9FWVxeOb+FCaUI6z/oVYma3IeJthsRBqjtmJXh3/jPwKK0RR5a7BN86eCaC
cWqGcivzvs0mr04LZzWTRnPh/JJq2kOjqK+sAAT8BLldZ6kcnJDGU/qj/0AM8J7z
pZl2VgaNtA7QgNhmfXuH37Am4Dh/JLoE0epx7eaf4Zs3gZ2XgLeXob/ysoM/gvS1
DuS+Bwe1DQNmL4fYxYwPrTzsPoU0Wrz99MihdisW5hUZFqC8FHdUxQ==
=L4yn
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: joe@test.com: "MAKE MONEY WHILE YOU SLEEP"
Previous message: Andy Carlson: "Re: ncr53c8xx still doesn't work !!!"