Some say that DROP is the ideal manner to deal with non-authorized requests, but using DROP lets the attacker know the ports which are filtered. Using REJECT simply adds one step to all processes, sending the reject signal back to the origin.

What is your perspective on it?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
With a REJECT you send a reject signal back to the origin. In case of a DoS this generates more traffic. Which one to use mainly depends on how you want to protect a port and what kinds of attacks you expect to receive.

Jorge S.

On Wed, 2003-11-19 at 11:11, Guilherme Viebig wrote:
> Some say that DROP is the ideal manner to deal with non-authorized requests,
> but using DROP lets the attacker know the ports which are filtered. Using
> REJECT simply adds one step to all processes, sending the reject signal back
> to the origin.
>
> What is your perspective on it?
Not a LARTC question. Try firewall-wizards or netfilter.

: Some say that DROP is the ideal manner to deal with non-authorized
: requests, but using DROP lets the attacker know the ports which are
: filtered. Using REJECT simply adds one step to all processes, sending the
: reject signal back to the origin.

-Martin

P.S., I'd prefer to DROP in most cases.

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
Depends, if your firewall's default policy is set to DROP then you'd want to DROP unwanted packets. On the other hand if you allow everything and only want to block packets to certain (maybe M$ related) ports, then DROPping them is seen by the evil attacker scanning your network's holes. Although REJECTing is a more polite way of doing it, DROPping is more secure. Also REJECT sends a port unreachable ICMP back to the dropped packet's origin.

Someone correct me if I'm wrong since I'm quite new on netfilter.

Guilherme Viebig wrote:
> Some say that DROP is the ideal manner to deal with non-authorized requests,
> but using DROP lets the attacker know the ports which are filtered. Using
> REJECT simply adds one step to all processes, sending the reject signal back
> to the origin.
>
> What is your perspective on it?
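A netfilter ruleset that puts the two targets discussed in this thread side by side, added here as an example and not taken from any of the posts; the served ports, the blocked port ranges, the rate limits and the iptables-restore layout are my own assumptions, chosen to show a DROP-policy firewall that still answers a few ports with REJECT without becoming a reflector under a flood:

```shell
#!/bin/sh
# Added example (not from the thread). Assumed host policy: only SSH (22)
# and HTTP (80) are served; everything else is unwanted. The port numbers
# and limits below are constructed for illustration.

# Emit the ruleset in iptables-restore format.
firewall_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# Silent variant: nothing goes back, the sender times out and the port
# looks "filtered". Used here for the Windows/SMB range.
-A INPUT -p tcp --dport 135:139 -j DROP
# Polite variant: a TCP RST (or an ICMP port-unreachable for UDP) goes
# back at once, so legitimate clients fail fast instead of hanging.
# The limit match caps how many replies we send per second; probes above
# the cap fall through to the chain policy and are dropped silently, so a
# flood of packets cannot make the firewall generate a flood of answers.
-A INPUT -p tcp --dport 25 -m limit --limit 10/second --limit-burst 20 -j REJECT --reject-with tcp-reset
-A INPUT -p udp --dport 1024:65535 -m limit --limit 10/second -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Load the rules only when asked explicitly and running as root;
# otherwise just print them for review.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" = "0" ]; then
  firewall_rules | iptables-restore
else
  firewall_rules
fi
```

Run it without arguments to review the ruleset; `sh script.sh apply` as root loads it atomically with iptables-restore.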