[Pauldotcom] Drop or rst?
Ron Gula
rgula at tenablesecurity.com
Wed Oct 7 18:30:04 UTC 2009
I'm in favor of dropping silently.
- Your IP space can't be used to send RST packets to another target if
someone spoofs packets to you.
- It's potentially less CPU usage for your firewall.
- You don't give out any info about your firewall.
Ron Gula
Tenable Network Security
Norman Rach wrote:
> Hi Everyone,
>
> I'm currently in a discussion about our current ruleset for iptables:
> whether to be RFC compliant and issue an RST to those scanning/connecting
> to undesired ports, or to drop the packet completely. By sending an RST
> back to the host, aren't we letting the srcIP know that the traffic
> successfully arrived at the host without being intercepted by a network
> appliance (i.e. IDS/IPS, firewall, etc.)?
>
> As far as I can tell this seems to be more of a discussion on one's own
> security posture preference. Any feedback is appreciated.
>
> Cheers!
> NR
--
Ron Gula, CEO
Tenable Network Security
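To make the two options in the thread concrete, here is an added example (not from either poster) that builds the iptables tail rules for unwanted TCP connection attempts both ways, plus the rate-limited middle ground many hosts use; it assumes the ACCEPT rules for wanted services and ESTABLISHED/RELATED traffic come earlier in INPUT, and the interface and address values are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread. Runs as a preview by default
# (rules are echoed); set IPT=iptables and run as root to apply for real.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"               # placeholder interface names
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.0.2.0/24}"     # TEST-NET-1, placeholder only

# Option 1: RFC-style reset for unwanted new TCP connections on interface $1.
# The RST tells the sender the host is up and the port was reached without
# being filtered, and a SYN with a forged source makes this host send the RST
# to whoever the source address was forged as (Ron's first point).
reject_new_tcp() {
  $IPT -A INPUT -i "$1" -p tcp --syn -m conntrack --ctstate NEW \
       -j REJECT --reject-with tcp-reset
}

# Option 2: same match, silent drop. No reply packet, so nothing to reflect
# and nothing that separates "closed port" from "filtered" or "host down".
drop_new_tcp() {
  $IPT -A INPUT -i "$1" -p tcp --syn -m conntrack --ctstate NEW -j DROP
}

# Middle ground: reset toward the trusted LAN so local clients fail fast, but
# cap the RST rate so a spoofed flood cannot turn the host into a reflector.
# Anything over the cap, and everything from the Internet side, is dropped.
mixed_policy() {
  $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --syn \
       -m conntrack --ctstate NEW \
       -m limit --limit 10/second --limit-burst 20 \
       -j REJECT --reject-with tcp-reset
  drop_new_tcp "$LAN_IF"
  drop_new_tcp "$WAN_IF"
}

# Counts how many rules emitted by the given ruleset function send any reply
# packet at all (only REJECT rules do); useful when auditing a policy.
count_replying_rules() {
  "$@" | awk '/-j REJECT/ { n++ } END { print n + 0 }'
}

mixed_policy
```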