* [LARTC] Drop vs. Reject
@ 2003-11-19 16:11 Guilherme Viebig
2003-11-19 16:32 ` Jorge# ./S
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Guilherme Viebig @ 2003-11-19 16:11 UTC (permalink / raw)
To: lartc
Some say that DROP is the ideal manner to deal with non-authorized requests,
but using DROP lets the attacker know the ports which are filtered. Using
REJECT simply adds one step to the whole process, sending the reject signal back
to the origin.
What is your perspective on it?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] Drop vs. Reject
From: Jorge# ./S @ 2003-11-19 16:32 UTC (permalink / raw)
To: lartc
With a reject you send a reject signal back to the origin. In case of a
DoS this generates more traffic.
Which one to use mainly depends on how you want to protect a port and what
kinds of attacks you expect to receive.
Jorge S.
On Wed, 2003-11-19 at 11:11, Guilherme Viebig wrote:
> Some say that DROP is the ideal manner to deal with non-authorized requests,
> but using DROP lets the attacker know the ports which are filtered. Using
> REJECT simply adds one step to the whole process, sending the reject signal back
> to the origin.
>
> What is your perspective on it?
* Re: [LARTC] Drop vs. Reject
From: Martin A. Brown @ 2003-11-19 16:50 UTC (permalink / raw)
To: lartc
Not a LARTC question. Try firewall-wizards or netfilter.
: Some say that DROP is the ideal manner to deal with non-authorized
: requests, but using DROP lets the attacker know the ports which are
: filtered. Using REJECT simply adds one step to the whole process, sending the
: reject signal back to the origin.
-Martin
P.S., I'd prefer to DROP in most cases.
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
* Re: [LARTC] Drop vs. Reject
From: Heikki Lampén @ 2003-11-19 17:04 UTC (permalink / raw)
To: lartc
Depends. If your firewall's default policy is set to DROP then you'd
want to DROP unwanted packets.
On the other hand, if you allow everything and only want to block packets
to certain (maybe M$ related) ports, then DROPping them is seen by the
evil attacker scanning your network's holes. Although REJECTing is a more
polite way of doing it, DROPping is more secure. Also REJECT sends a
port unreachable ICMP back to the dropped packet's origin.
Someone correct me if I'm wrong since I'm quite new to netfilter.
Guilherme Viebig wrote:
>Some say that DROP is the ideal manner to deal with non-authorized requests,
>but using DROP lets the attacker know the ports which are filtered. Using
>REJECT simply adds one step to the whole process, sending the reject signal back
>to the origin.
>
>What is your perspective on it?
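
Added example (not part of any poster's message, and not netfilter code): a simplified Python model of what the origin of a TCP SYN observes under the policies discussed in this thread, and how many reply packets each incoming SYN generates. The `Rule` class, the function names, the sample host, the origin's classification of replies, and the `tcp-reset` variant of REJECT are assumptions introduced for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    port: int
    target: str                                  # "ACCEPT", "DROP" or "REJECT"
    reject_with: str = "icmp-port-unreachable"   # iptables REJECT default

def reply_for(port, rules, policy, listening):
    """Reply the origin receives for one TCP SYN, or None for silence."""
    target, reject_with = policy, "icmp-port-unreachable"
    for rule in rules:                           # first matching rule wins
        if rule.port == port:
            target, reject_with = rule.target, rule.reject_with
            break
    if target == "DROP":
        return None                              # origin waits for a timeout
    if target == "REJECT":
        return "RST" if reject_with == "tcp-reset" else "ICMP port unreachable"
    return "SYN/ACK" if port in listening else "RST"   # ACCEPT: TCP stack answers

def origin_view(reply):
    """Assumed classification by the origin: silence and ICMP both read as filtered."""
    return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")

def survey(ports, rules, policy, listening):
    """Map port -> (origin's view, reply packets generated per incoming SYN)."""
    result = {}
    for port in ports:
        reply = reply_for(port, rules, policy, listening)
        result[port] = (origin_view(reply), 0 if reply is None else 1)
    return result

# Constructed sample host: a service on 22, nothing listening on 135 or 8080.
LISTENING, PORTS = {22}, [22, 135, 8080]

def scenarios():
    return {
        "allow all, DROP 135": survey(PORTS, [Rule(135, "DROP")], "ACCEPT", LISTENING),
        "allow all, REJECT 135": survey(PORTS, [Rule(135, "REJECT")], "ACCEPT", LISTENING),
        "allow all, REJECT 135 tcp-reset": survey(
            PORTS, [Rule(135, "REJECT", "tcp-reset")], "ACCEPT", LISTENING),
        "default DROP, ACCEPT 22": survey(PORTS, [Rule(22, "ACCEPT")], "DROP", LISTENING),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

In this model the blocked port stands out from ordinary closed ports whenever the rest of the host answers with RST, and it blends in only under a default-DROP policy or when the rejection is itself an RST; the second tuple element is the extra traffic REJECT sends per incoming packet.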