[1869] in linux-security and linux-alert archive
[linux-security] Re: Services not required?
daemon@ATHENA.MIT.EDU (Brandon S. Allbery KF8NH)
Mon Jun 15 02:36:10 1998
To: MushyPea <mushypea@dominion.net.uk>
cc: linux-security@redhat.com
In-reply-to: Your message of "Thu, 11 Jun 1998 15:17:12 BST."
<Pine.LNX.3.96.980611145912.13628A-100000@limbo.alpha4.com>
Date: Sun, 14 Jun 1998 08:24:46 -0300
From: "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
In message <Pine.LNX.3.96.980611145912.13628A-100000@limbo.alpha4.com>,
MushyPe
a writes:
+-----
| 1) You are blatantly advertising the firewalling.
|
| 2) Certain OS's don't recognise the packet - I am informed that certain
| versions of SunOS simply ignore the packet completely, and therefore
| re-send the SYN packet until the TCP session times out - exactly what
| we're trying to avoid.
+--->8
3) Older Ultrix, and possibly some other OSes, will drop *all* connections
to the host upon receiving such a packet.
In any case, I use "-a deny" instead.
[mod: One such "Other OS" is HPUX. -- REW]
--
brandon s. allbery [team os/2][linux][japh] allbery@kf8nh.apk.net
system administrator, ece facilities allbery@ece.cmu.edu
carnegie mellon university (bsa@kf8nh is still valid.)
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null