Subject: Re: Preventative security features?
To: Simon Hitzemann <simon@hitzemann.org>
From: Roland C. Dowdeswell <elric@imrryr.org>
List: tech-security
Date: 11/22/2004 22:03:37
On 1100516050 seconds since the Beginning of the UNIX epoch
Simon Hitzemann wrote:
>

>On Mon, Nov 15, 2004 at 09:00:40PM +1100, Dmitri Nikulin wrote:
>>I didn't say anything about making it more secure, but it gives
>>anonymity where ports can be open or closed, and when closed they are as
>>if nonexistent.
>
>Most people unfortunately think that no answer means that there is
>nothing here. That's wrong. If there is no answer on a SYN request or
>UDP packet, it means there is some packet filter dropping packets. If
>that port was nonexistent as in there is no machine, then the router
>before that machine would have to answer.
>
>I see no advantage in dropping RST packets or ICMP port unreach as they
>only slow down portscans. They are not stopping them. At the end this
>behaviour might even disturb other users, because ident requests get
>dropped instead of being rejected etc.

Well, they do not even slow down well-written port scans.  All you
need to do is a simple memory-for-time tradeoff and do them in
parallel.  If you find an open port on the machine, you can easily
figure out how long it generally takes to respond---so you can make
your timeouts quite short, say double or triple the average response
time.  So, you do not even need a lot of memory.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/