I'm SO mad about computers sending ICMP Unreachable messages about closed UDP ports.
DON'T JUST GIVE AWAY WHAT PORTS YOU ARE USING
@jennamagius I'm curious what your reasoning behind this is.
@espen When 17-010 dropped, worms started spamming every SMB service on the internet with EternalBlue. There's no reason somebody who doesn't have authorization to access my system should know if I am or am-not running remote access services: https://www.shodan.io/search?query=ssh
@espen I'll admit to you that I'm running a remote access service after you've proven that you're authorized to access that service. Otherwise, you're an attacker, and you don't need to know shit.
@jennamagius I get that. I'm not certain there are any "correct" answers here, that is why I am interested in your reasoning.
Like you, I assume "everyone" is an attacker, but I also assume that anyone interested in attacking me would be able to discover what services are available with little effort. Any effort I make to mask this is little more than theater and security through obscurity. So, given that, I prefer to say "access denied, keep moving" than not responding.
@espen Strong disagree. It is absolutely not security theatre, it is surface area minimization. MS17-010 said "access denied" and EternalBlue said "Boy, there sure is a LOT of surface area on the outside of your access denied" and then pwned the shit out of services that were "denying" "access"
@jennamagius we ARE talking closed ports, right? Ports where no services are running?
My apologies if I misunderstood something.
@jennamagius Right, a system protected behing 7 port knocks. But fine, I get that we're talking about something slightly different than I thought so I'll let this be. But thanks for taking the time to explain. :)
@espen I'm talking about running services that appear to be closed ports unless you can authorize yourself enough get get the service to admit that it exists.
https://en.wikipedia.org/wiki/Port_knocking