[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] How do you hide/stealth your firewall...ideas?
> 3) It would be nice if Firewall-1 could pass ICMP traffic without > decrementing the TTL, Regarding your first post, about rewriting inspect for ICMP: "Desinformation" - if you just "correct" the TTL for ICMP? It's easy to try tcp with the same TTL (fails) and TTL+1 (works). > Using the spare router idea, you don't even have to mess with TTL > mechanisms and you get the benefit of some disinformation (which is > always good.) It's better to close external access to all routers, so they'll look like a firewall. Or let your firewall look like a router. =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|