[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do I change my firewall ports to stealth mode?

On Tuesday, Sep 28, 2004, at 16:34 US/Pacific, Daniel Hartmeier wrote:

On Tue, Sep 28, 2004 at 04:23:43PM -0700, Trevor Talbot wrote:

It is. It's a mitigating mechanism for many types of worms/bots/whatever, since they aren't capable of poking holes in their computer owner's broadband NAT device.

That's what UPnP is for, isn't it?

*grin* luckily they don't seem to have caught up with that...

On Tuesday, Sep 28, 2004, at 16:39 US/Pacific, [email protected] wrote:

Yea, sure. I've seen *many* bots with identd running happily joining command and control IRC servers. Those servers are almost always rogue servers that don't care if identd is running.

Sure, there are always machines that aren't filtering identd, and of course the control servers won't care. I said it was a mitigating thing, not a prevention thing :)

More of an issue are the things that attempt to spread, as those want to be on the big networks where everyone can see them. The average exploited cable/DSL machine also won't have identd enabled. Put two and two together, and it's useful.

Another use is requiring shell providers to properly identify their customers for abuse control, lest they lose all connectivity to an IRC network. 'Course, that only works if it's a network their customers care about, and it's a bit away from the original identd/pf scenario under discussion.

Anyway, IRC networks do still find ident useful and even require it at times.