[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How do I change my firewall ports to stealth mode?
On Tuesday, Sep 28, 2004, at 16:34 US/Pacific, Daniel Hartmeier wrote:
On Tue, Sep 28, 2004 at 04:23:43PM -0700, Trevor Talbot wrote:
It is. It's a mitigating mechanism for many types of
worms/bots/whatever, since they aren't capable of poking holes in
their computer owner's broadband NAT device.
That's what UPnP is for, isn't it?
*grin* luckily they don't seem to have caught up with that...
On Tuesday, Sep 28, 2004, at 16:39 US/Pacific,
[email protected] wrote:
Yea, sure. I've seen *many* bots with identd running happily joining
command and control IRC servers. Those servers are almost always rogue
servers that don't care if identd is running.
Sure, there are always machines that aren't filtering identd, and of
course the control servers won't care. I said it was a mitigating
thing, not a prevention thing :)
More of an issue are the things that attempt to spread, as those want
to be on the big networks where everyone can see them. The average
exploited cable/DSL machine also won't have identd enabled. Put two
and two together, and it's useful.
Another use is requiring shell providers to properly identify their
customers for abuse control, lest they lose all connectivity to an IRC
network. 'Course, that only works if it's a network their customers
care about, and it's a bit away from the original identd/pf scenario
Anyway, IRC networks do still find ident useful and even require it at