
Re: [FW-1] How do you hide/stealth your firewall...ideas?



Well, aside from the problems with a routing loop (if you are
careless...), it would be nice to have your firewall transparent to the
world; handling TTL in the traditional fashion defeats that. The less
information attackers have the better. Even better, disinformation let
them have.

Having the firewall not decrement TTL is the simplest method if you
could do it, and not have routing loop problems as a result.

Using the spare router idea, you don't even have to mess with TTL
mechanisms and you get the benefit of some disinformation (which is
always good.)

You can still have rules to allow your firewall to talk to other
firewalls for tunnels etc. Your secure remote clients can still connect
to the firewall. From what I can tell, everything should work fine
assuming you put the proper rules in place. (For instance, you need a
rule at the top of nat tab to not NAT the firewall to the 25xx router
address when talking to other firewalls/endpoints...etc.)


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Reed
Mohn, Anders
Sent: Thursday, November 01, 2001 4:09 AM
To: [email protected]
Subject: Re: [FW-1] How do you hide/stealth your firewall...ideas?

> 3) It would be nice if Firewall-1 could pass ICMP traffic without
> decrementing the TTL,

Pls. excuse my ignorance.. but why would I want that?

Cheers,
Anders :)

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================
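
An added illustration, not part of the original posts: a toy Python model of the TTL trade-off discussed in this thread. It shows that a hop which does not decrement TTL drops out of a TTL-stepped path trace, and that TTL is also what ends a packet caught in a routing loop. The hop names and the model are constructed assumptions and do not reproduce FireWall-1 behaviour.

```python
# Constructed toy model of IP TTL handling. A hop is (name, decrements_ttl).
# Hop names are hypothetical; this is not FireWall-1 code or configuration.

def probe(path, ttl):
    """Send one packet with the given TTL along `path`.
    Return the hop that drops it (and would send ICMP Time Exceeded),
    or None if the packet gets past every hop."""
    for name, decrements in path:
        if decrements:
            ttl -= 1
            if ttl == 0:
                return name
    return None

def traceroute(path):
    """Hops an outside observer learns by raising the TTL one step at a time."""
    seen = []
    for ttl in range(1, len(path) + 1):
        hop = probe(path, ttl)
        if hop is None:          # packet reached the destination side
            break
        seen.append(hop)
    return seen

def loop_forwards(cycle, ttl, limit=10_000):
    """Number of forwards a packet survives inside a routing loop.
    None means it was still circulating after `limit` forwards."""
    for step in range(limit):
        _, decrements = cycle[step % len(cycle)]
        if decrements:
            ttl -= 1
            if ttl == 0:
                return step + 1
    return None

NORMAL = [("isp-router", True), ("firewall", True), ("inside-router", True)]
STEALTH = [("isp-router", True), ("firewall", False), ("inside-router", True)]

if __name__ == "__main__":
    print("traditional TTL handling:", traceroute(NORMAL))
    print("firewall keeps TTL:      ", traceroute(STEALTH))
    # Loop between two devices, initial TTL 64.
    print("loop, both decrement:    ", loop_forwards(NORMAL[1:], 64))
    print("loop, firewall keeps TTL:", loop_forwards(STEALTH[1:], 64))
    print("loop, nobody decrements: ",
          loop_forwards([("firewall", False), ("bridge", False)], 64))
```

In the model the loop still ends as long as one device in it decrements TTL, only later; a loop made up entirely of non-decrementing devices never ends, which is the routing-loop risk the reply mentions.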




 
   All contents © 2004 Network Presence, LLC. All rights reserved.