
RE: Dropping stealthing from opsec; Anyone for a little I>R<TF wo rk ?



In my opinion, a firewall shouldn't decrement the TTL, be directly
addressable from the Internet or send ICMP messages. Those all provide
means to map the firewall and systems it is protecting.

Donald.Smith@qwest.com GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
(coffee != sleep) & (!coffee == sleep)

> -----Original Message-----
> From: George Jones [mailto:gmj@pobox.com]
> Sent: Thursday, July 31, 2003 2:41 PM
> To: Smith, Donald
> Cc: Florian Weimer; Todd MacDermid; opsec@ops.ietf.org
> Subject: RE: Dropping stealthing from opsec; Anyone for a little I>R<TF
> wo rk ?
> 
> 
> > Actually firewalls, IDSes, IPSes and other devices could benefit
> > from stealthing. I agree it should probably be in a separate document.
> > But it should/would apply beyond the core.
> >
> > As for the core, I am afraid lots of things will probably break if it's
> > invisible.
> > However making it invisible from the OUTSIDE of the network might be
> > practical.
> 
> Sorry....I guess I should have been more clear...the goal IS to
> make the core invisible beyond the edge.
> 
> In the case of a firewall, it's still visible as a layer three device:
> it has an address, packets can be sent to it, TTLs decrement when
> packets cross it, and it sends ICMP messages.  In the sense that
> I'm using the term, none of those may be true.
> 
> ---George
>
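The three properties the thread names (decrementing TTL, having a directly reachable address, and answering with ICMP) are exactly what a TTL-stepped path probe relies on. The following added example, which is not part of the opsec thread and not code from any of its participants, models that probe over three constructed paths: a routed firewall that does all three, a firewall that decrements TTL but stays silent, and a transparent bridging firewall that does none of them. The hop names and addresses are assumptions made up for the simulation; the point it shows is that only the fully "stealth" device drops out of the hop count an outside observer can infer.

```python
"""Simulation of how TTL handling and ICMP replies expose a device on a path.

Added example, not from the opsec thread. Every hop, address and path below is
constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Hop:
    name: str
    address: Optional[str]   # None: no interface that can be addressed from outside
    decrements_ttl: bool     # True: forwards at layer 3 and decrements the TTL
    sends_icmp: bool         # True: emits ICMP time-exceeded when the TTL expires


def probe_path(path: List[Hop], destination: str, max_ttl: int = 8) -> List[Tuple[int, Optional[str]]]:
    """Return (ttl, replying address) for each probe until the destination answers.

    A probe starts with the given TTL. Each layer-3 hop decrements it; the hop at
    which it reaches zero answers with its own address if it sends ICMP, otherwise
    the probe times out (None). A transparent hop forwards the packet untouched.
    If the TTL never expires, the destination host itself replies.
    """
    results = []
    for ttl in range(1, max_ttl + 1):
        remaining = ttl
        reply = None
        expired = False
        for hop in path:
            if not hop.decrements_ttl:
                continue                      # bridging hop: packet passes unchanged
            remaining -= 1
            if remaining == 0:
                expired = True
                if hop.sends_icmp and hop.address:
                    reply = hop.address       # ICMP time-exceeded names the hop
                break
        if not expired:
            reply = destination               # echo reply from the destination host
        results.append((ttl, reply))
        if not expired:
            break
    return results


def transit_hops(results: List[Tuple[int, Optional[str]]]) -> int:
    """Number of intermediate devices an observer can infer from the probe.

    A silent hop (None) still counts: the probe needed one more TTL step to get
    past it, so its existence is revealed even though its address is not.
    """
    return len(results) - 1


def addressable(path: List[Hop]) -> List[str]:
    """Addresses on the path that can be reached directly from outside."""
    return [hop.address for hop in path if hop.address]


# Constructed sample paths (documentation-range addresses, hypothetical names).
DESTINATION = "192.0.2.10"

ROUTED_PATH = [
    Hop("edge-router", "203.0.113.1", decrements_ttl=True, sends_icmp=True),
    Hop("firewall", "203.0.113.2", decrements_ttl=True, sends_icmp=True),   # routed: visible
    Hop("inside-router", "192.0.2.1", decrements_ttl=True, sends_icmp=True),
]

SILENT_PATH = [
    Hop("edge-router", "203.0.113.1", decrements_ttl=True, sends_icmp=True),
    Hop("firewall", "203.0.113.2", decrements_ttl=True, sends_icmp=False),  # silent but still a hop
    Hop("inside-router", "192.0.2.1", decrements_ttl=True, sends_icmp=True),
]

STEALTH_PATH = [
    Hop("edge-router", "203.0.113.1", decrements_ttl=True, sends_icmp=True),
    Hop("firewall", None, decrements_ttl=False, sends_icmp=False),          # bridging: invisible
    Hop("inside-router", "192.0.2.1", decrements_ttl=True, sends_icmp=True),
]


if __name__ == "__main__":
    for label, path in (("routed", ROUTED_PATH), ("silent", SILENT_PATH), ("stealth", STEALTH_PATH)):
        results = probe_path(path, DESTINATION)
        print(f"{label:8s} hops inferred: {transit_hops(results)}  probe: {results}")
```

The silent case is the one worth checking on a real deployment: suppressing ICMP alone leaves a gap in the probe output, and the gap itself reveals that a device sits there. Only a firewall that forwards without decrementing the TTL, carries no outside-reachable address and emits no ICMP disappears from what an observer beyond the edge can infer, which is the combination Donald's message describes.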