Re: [Sheflug] Security (again, the final word)
>>>>> "Chris" == Chris J/#6 <sixie [at] nccnet.co.uk> writes:
>> You should have ssh on port 22, if that's set up correctly, and
>> telnet should be closed, not stealth.
Chris> telnet can be stealth - no problems with that...on my
Chris> machine all ports are DENY'd (which shieldsup reports as
Chris> 'stealth') apart from ident, which I REJECT (shieldsup ==
Chris> closed).
There are no technical problems with telnet being stealth, but in
general DENYing implies that you assume such attempts are necessarily
evil.
Personally, I prefer to REJECT everything. And the RFCs say you
_should_. On average, it makes them go away faster....
The stealth/closed terminology is really ugly, too. There's nothing
"stealthy" about DENYing; you're simply ignoring the packet rather
than politely refusing it. (DENY itself is questionable; I would have
preferred IGNORE.)
--
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091
_________________ _________________ _________________ _________________
What are those straight lines for? "XEmacs rules."
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
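
Added example, not part of the original message: a minimal Python probe, meant for checking your own machine, that reports a port with the ShieldsUP words used in the thread and times each attempt, so the difference between a refused connection ("closed") and an ignored one ("stealth") is measurable. The function names and the localhost demo ports are assumptions made for this example; seeing "stealth" requires a DENY rule in front of the probed port, which the demo does not set up.

```python
import socket
import time

def classify(host, port, timeout=2.0):
    """Return (state, seconds) for one TCP connect attempt.

    state follows the mapping given in the thread:
      "open"    - handshake completed, something is listening
      "closed"  - attempt actively refused (REJECT rule, or no listener)
      "stealth" - no answer before the timeout (DENY rule ignored the packet)
      "error"   - any other failure, e.g. network unreachable
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "stealth"
    except OSError:
        state = "error"
    finally:
        sock.close()
    return state, time.monotonic() - start

def demo():
    """Probe one listening and one unused port on localhost (constructed setup)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))         # reserve a port number, then free it
    closed_port = spare.getsockname()[1]
    spare.close()

    results = {"open": classify("127.0.0.1", open_port),
               "closed": classify("127.0.0.1", closed_port)}
    listener.close()
    return results

if __name__ == "__main__":
    for name, (state, secs) in demo().items():
        print(f"{name:6} port -> {state:7} after {secs:.3f}s")
```

A refused attempt returns almost immediately, while an ignored one costs the client the full timeout.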