Re: iptables: drop or reject?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: iptables: drop or reject?
From: Bruno Wolff III <bruno@xxxxxxxx>
Date: Sun, 28 Oct 2007 11:52:41 -0500
Cc: For users of Fedora <fedora-list@xxxxxxxxxx>
In-reply-to: <472447D5.5020602@xxxxxxxxxxxxxxxxxxxxxx>
References: <4720D854.2010801@xxxxxxxxxx> <20071026144758.GB8416@xxxxxxxx> <472447D5.5020602@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>
User-agent: Mutt/1.4.2.1i

On Sun, Oct 28, 2007 at 17:27:01 +0900,
  John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> Anyone who thinks identd provides any security at all wrt computers they 
> don't control is ignorant or stupid.
> 
> It's trivial to find (or even, at a pinch write/modify one) a fake 
> identd that will say anything one chooses; anyone implementing security 
> assuming otherwise is trusting the untrustworthy.
> 
> Besides that, DOS boxes don't normally have one.

I wasn't advocating running ident, but rather not shooting one's self in the
foot by dropping (as opposed to rejecting) ident packets if you do use services
that try to do ident lookups. This is not the same as advocating actually
running an ident server.

References:
- iptables: drop or reject?
  - From: Ashley M. Kirchner
- Re: iptables: drop or reject?
  - From: Bruno Wolff III
- Re: iptables: drop or reject?
  - From: John Summerfield

Prev by Date: Re: can't read from a Ricoh SD (Secure Digital) card reader
Next by Date: Re: nvidia
Previous by thread: Re: iptables: drop or reject?
Next by thread: Re: iptables: drop or reject?
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux