[Pauldotcom] Drop or rst?
Norman Rach
lostpacket at live.com
Wed Oct 7 16:39:07 UTC 2009
Hi Everyone,
I'm currently in a discussion about our current ruleset for iptables. Whether to be RFC compliant and issue a RST to those scanning/connecting to undesired ports or to drop the packet completely. By sending a rst back to the host aren't we letting the srcIP know that the traffic successfully arrived to the host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, etc)?
As far as I can tell this seems to be more of a discussion on one's own security posture preference. Any feedback is appreciated.
Cheers!
NR
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/171222986/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091007/ed0812e5/attachment.htm
More information about the Pauldotcom
mailing list