RFE: FireKit

Björn Persson bjorn at xn--rombobjrn-67a.se
Fri Jul 24 23:40:47 UTC 2009


Matthew Woehlke wrote:
> Björn Persson wrote:
> > That's obscurity, not security.
>
> Why is it people seem to have a problem with obscurity *on top of*
> security? What's wrong with making it as hard as possible for the "bad
> guys"?

It could be because you're not actually making it any harder for the bad guys, 
only for yourself and for me.

> > If there's a hole in Sendmail for example,
> > then attackers trying to exploit that hole won't start by probing port
> > 26384 and then connect to port 25 only if they get an RST packet from
> > port 26384.
>
> ...and if I happen to not be running sendmail at the time, my machine
> will appear to not exist, rather than going on the 'try other exploits'
> list. (Especially if I happen to be not running /any/ services at the
> time and am therefore truly stealthy.)

Your address will go on the "try other exploits" list anyway, because the bad 
guys know that many people think they're more secure if they're "stealthy". 
They won't conclude that your machine doesn't exist. They'll only conclude 
(correctly) that there's no public SMTP service at that address.

> > You're not truly "stealth" unless you drop *all* packets, at which
> > point you can just as well unplug the network cable (or turn WiFi off
> > with the kill switch).
>
> Not all packets, just incoming ones that don't belong to established
> connections. (I'll assume we're not talking about a black hat to whose
> server you have explicitly connected.)

You're also assuming that the attacker doesn't already own any of the other 
machines in the local network, or café, or airport, or wherever you are at the 
moment. If he does, he'll be able to eavesdrop on your established connections, 
and probably hijack them too. Even if those connections are encrypted and 
authenticated he'll still discover that your machine exists, despite all your 
stealthiness.

> Besides, you didn't address the original question: if DROP is as
> non-useful as you claim, why does it exist?

I did address that question. DROP exists so I can DROP disallowed broadcast 
and multicast packets and REJECT only unicast packets. If I REJECTed broadcast 
packets, I'd violate some RFCs and become a traffic multiplier for DDoS attacks.

Björn Persson
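As an added illustration (not part of the thread, and not a ruleset anyone in it posted), here is one way to express the policy from the last paragraph in nftables syntax: silently DROP unwanted broadcast and multicast traffic, and REJECT unwanted unicast so the sender gets an immediate answer instead of a timeout. The interface name and the exposed ports (22 and 25) are assumed placeholders; adjust them to the host. The RFC referred to above is RFC 1122 section 3.2.2, which forbids sending ICMP errors in reply to datagrams addressed to a broadcast or multicast address.

```nftables
# Added example ruleset: DROP for broadcast/multicast, REJECT for unicast.
# Not from the thread; interface and ports are assumptions.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Traffic belonging to connections we opened ourselves is always fine.
        ct state established,related accept
        ct state invalid drop

        # Loopback is trusted.
        iif "lo" accept

        # ICMP/ICMPv6 the stack needs to function (errors, path MTU, ND).
        icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem } accept
        icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

        # Services deliberately exposed (assumed: SSH and SMTP).
        tcp dport { 22, 25 } accept

        # Unwanted broadcast and multicast: DROP silently. Replying with an
        # ICMP error here would violate RFC 1122 s3.2.2, and a forged source
        # address would turn this host into a traffic multiplier.
        fib daddr type { broadcast, multicast } drop

        # Everything left is unicast addressed to us and not a service we run:
        # REJECT it so the peer learns "no such service" right away.
        meta l4proto tcp reject with tcp reset
        reject with icmpx type port-unreachable
    }
}
```

The ordering matters: the broadcast/multicast DROP rule must come before the final REJECT rules, otherwise the catch-all `reject with icmpx` would answer broadcast datagrams. The `fib daddr type` match classifies the destination by the kernel's routing table, so it covers the limited broadcast address, directed subnet broadcasts and multicast groups without listing them by hand.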
