From: Jose Maria Lopez Hernandez <jkerouac@bgsec.com>
To: netfilter@lists.netfilter.org
Subject: Re: Dropping network "noise"
Date: Sun, 13 Feb 2005 14:56:26 +0100
Message-ID: <1108302986.10876.40.camel@nostromo.bgsecm.com>
In-Reply-To: <420F5186.5060703@hotpop.com>
On Sun, 13-02-2005 at 15:09 +0200, Georgi Alexandrov wrote:
> Jose Maria Lopez Hernandez wrote:
>
> >On Sun, 13-02-2005 at 09:28 +0300, Mikhail Zotov wrote:
> >
> >
> >>Hello everybody,
> >>
> >>I have a Linux machine (with a static routable IP address)
> >>connected to a windoops LAN. As is known, there is certain
> >>"noise" in windoops networks, which can be silently dropped
> >>by a rule like this:
> >>
> >>iptables -A INPUT -p udp --dport 135:139 -j DROP
> >>
> >>
> >
> >That's OK, but also DROP port 445 because there's also a great
> >amount of traffic in that port.
> >
> >
> >
> How exactly is that OK? I guess you don't have anything listening on
> 135-139/udp, right?
The OP *wanted* to DROP those ports, and their rules were OK. That's
all I said. And keep in mind that even if you are not listening on
those ports you are responding with RST-ACK packets if you don't DROP the
connections. I have to DROP the 445 packets from the Internet because
they cause my machine to send traffic I don't want sent.
> So you won't "save" any traffic with a rule like that, that's how
> ethernet works.
You save the RST-ACK responses, if I'm not wrong.
> The only point in a rule like that maybe is - if you are logging not
> matched packets at the end of the filter table/INPUT chain and don't
> want your logs flooded by that broadcast traffic.
That's right. But if you want to DROP the NetBIOS packets as well,
there's nothing wrong with it.
> >If you don't want to receive your broadcast traffic, it's OK.
> >
> >
> Same thing here... you will receive that broadcast traffic no matter
> what. Dropping it won't help.
Same reason as before. You receive the packets, but you don't
answer them.
> regards,
> Georgi Alexandrov
Regards.
--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@bgsec.com
bgSEC, IT Systems Security and Consulting
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
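As an added example (not code from this thread or from any of its participants), here is a small POSIX shell script that expresses the ruleset the discussion converges on: DROP the NetBIOS (135-139) and SMB (445) chatter from the Internet-facing interface first, and only then run the rate-limited LOG rule Georgi mentions, so the host neither answers the packets nor fills its logs with them. It goes slightly beyond the original one-liner by covering TCP as well as UDP and by adding the logging tail. The interface name eth0, the log prefix and the `IPT` dry-run variable are assumptions of the example, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the INPUT-chain fragment the
# discussion describes: drop Windows NetBIOS/SMB chatter from the Internet-facing
# interface first, then rate-limit-log and drop whatever is left.
# Assumptions: the WAN interface is eth0 and the log prefix is "INPUT-drop: ".
# Set IPT=echo to dry-run (print the commands instead of executing them).

WAN_IF="${WAN_IF:-eth0}"   # assumed Internet-facing interface
IPT="${IPT:-iptables}"     # the binary to call; "echo" for a dry run

# Run (or, in dry-run mode, print) a single iptables invocation.
rule() { "$IPT" "$@"; }

# NetBIOS (135-139) and SMB (445) over both UDP and TCP. Dropping, rather than
# rejecting, means the host sends nothing back: no RST and no ICMP unreachable.
noise_rules() {
    for proto in udp tcp; do
        rule -A INPUT -i "$WAN_IF" -p "$proto" --dport 135:139 -j DROP
        rule -A INPUT -i "$WAN_IF" -p "$proto" --dport 445 -j DROP
    done
}

# Final catch-all: log unmatched packets (rate-limited so a burst cannot flood
# the log), then drop them. Because noise_rules sits earlier in the chain,
# NetBIOS/SMB packets never reach this LOG rule.
log_tail() {
    rule -A INPUT -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-prefix "INPUT-drop: "
    rule -A INPUT -j DROP
}

build_input_chain() {
    noise_rules
    log_tail
}

# Usage: sh drop-noise.sh apply            (needs root)
#        IPT=echo sh drop-noise.sh apply   (dry run, prints the rules)
case "${1:-}" in
    apply) build_input_chain ;;
esac
```

Run it once with `IPT=echo` to review the exact rules before applying them; the order matters, since a LOG rule placed before the DROP rules would log every broadcast packet the thread is trying to keep out of the logs.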