Speaking of wireless
Kevin D. Clark
kclark at CetaceanNetworks.com
Wed Aug 28 13:47:26 EDT 2002
pll at lanminds.com writes:
> In a message dated: Wed, 28 Aug 2002 12:49:20 EDT
> Michael O'Donnell said:
>
> >How does refusing to do ICMP make a box more secure?
>
> They can't finger-print your TCP/IP stack and determine what OS
> you're running. This makes it difficult to then know what types of
> script-kiddies to run in order to root your box.
However, refusing to respond to any ICMP is anti-social in a
networking sense; this breaks various things (like TCP path MTU
discovery, for example). This behavior is non-compliant with how the
specs are written. As such, if you set up a server this way, not
everybody is going to be able to use it.
--kevin
--
Kevin D. Clark / Cetacean Networks / Portsmouth, N.H. (USA)
cetaceannetworks.com!kclark (GnuPG ID: B280F24E)
alumni.unh.edu!kdc
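
An added illustration, not part of the original post or thread: a toy Python model of TCP path MTU discovery (RFC 1191) showing why a server that drops all ICMP still works for some clients and stalls for others. The path MTUs, function names and retry limit are constructed assumptions; this is a simulation, not a real network stack.

```python
# Toy model: a server sends DF-marked packets; routers on the path report
# "fragmentation needed" via ICMP type 3 code 4 carrying the next-hop MTU.
ICMP_FRAG_NEEDED = (3, 4)  # Destination Unreachable / Fragmentation Needed

def forward(packet_size, link_mtus):
    """Walk one DF-marked packet along the path.

    Returns None if it is delivered, otherwise the ICMP error the first
    too-small hop would send back: (type, code, next_hop_mtu).
    """
    for mtu in link_mtus:
        if packet_size > mtu:
            return (*ICMP_FRAG_NEEDED, mtu)
    return None

def send_bulk(link_mtus, accept_icmp, local_mtu=1500, max_tries=5):
    """Send one full-sized segment, retransmitting on loss.

    Returns (delivered, final_packet_size, attempts).
    """
    size = local_mtu
    for attempt in range(1, max_tries + 1):
        icmp = forward(size, link_mtus)
        if icmp is None:
            return True, size, attempt
        if accept_icmp and icmp[:2] == ICMP_FRAG_NEEDED:
            size = icmp[2]  # lower the path MTU estimate and retry
        # Otherwise the error was filtered: the sender only sees a timeout
        # and retransmits the same oversized packet.
    return False, size, max_tries

def handshake_ok(link_mtus):
    """Small packets (SYN/ACK sized) fit every link, so connects succeed."""
    return forward(60, link_mtus) is None

# Constructed sample paths (link MTUs from server to client).
PATHS = {
    "plain ethernet": [1500, 1500, 1500],
    "PPPoE client": [1500, 1492, 1500],
    "nested tunnels": [1500, 1400, 1280],
}

if __name__ == "__main__":
    for name, path in PATHS.items():
        for accept in (True, False):
            ok, size, tries = send_bulk(path, accept)
            print(f"{name:15} icmp={'accept' if accept else 'drop':6} "
                  f"connect={handshake_ok(path)} bulk={ok} size={size} tries={tries}")
```

In the model, clients on an all-1500 path are unaffected, while clients behind a smaller-MTU link can connect but never receive a full-sized segment once ICMP is dropped.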