When talking about avoiding information disclosure, we generally

say we will be able to delay the actual break-in, since crackers can still manage to get into the system if there is a hole. So, prefer saying "we can delay the actual attack" rather than "the system is more secure". Reviewed by: trhodes
svn path=/head/; revision=24024
2005-03-08 08:15:50 +00:00 · 2005-03-08 08:15:50 +00:00 · 930f075192 · 2020-12-08 03:00:23 +00:00
commit 930f075192
parent 368ddbeff6
1 changed files with 3 additions and 2 deletions
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
@ -1455,8 +1455,9 @@ sh /etc/ipf.rules.script</programlisting>
 	response returned for any of the undesirable stuff, their
 	packets just get dropped and vanish.  This way the attacker
 	has no knowledge if his packets have reached your system.  The
-	less the attackers can learn about your system the more secure
-	it is.  The inbound 'nmap OS fingerprint' attempts rule I log
+	less the attackers can learn about your system, the more
+	time they must invest before actually doing something bad.
+	The inbound 'nmap OS fingerprint' attempts rule I log

 	<!-- XXX: what? -->