[Pauldotcom] Drop or rst?
Brett Hoff
bhoff at itworldclass.com
Wed Oct 7 18:52:31 UTC 2009
I also like to drop silently.
I have built and monitor over 100 firewalls and almost always choose this option.
Brett Hoff
RHCT, Linux +, Security+
Senior Security and Linux instructor
Senior IT Security Engineer
GCFA "Certified Forensics Analyst"
Antler Computer Consulting
Antler, Inc.
We do IT World Class!
850-857-7707
itworldclass.com
_____
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Norman Rach
Sent: Wednesday, October 07, 2009 11:39 AM
To: pauldotcom at mail.pauldotcom.com
Subject: [Pauldotcom] Drop or rst?
Hi Everyone,
I'm currently in a discussion about our current ruleset for iptables: whether to be RFC compliant and issue an RST to those scanning/connecting to undesired ports, or to drop the packet completely. By sending an RST back to the host, aren't we letting the srcIP know that the traffic successfully arrived at the host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, etc.)?
As far as I can tell this seems to be more of a discussion on one's own security posture preference. Any feedback is appreciated.
Cheers!
NR
_____
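The trade-off the thread is arguing about, worked through as an added example that is not code from either poster: a small model of what a SYN scanner learns from a host whose iptables terminal rule is `-j DROP` versus `-j REJECT --reject-with tcp-reset` (or the default `-j REJECT`, which answers with ICMP port-unreachable). The three iptables targets are real; the scanner's retry budget (RETRIES, TIMEOUT_S), the port sets and the open/closed/filtered mapping are a constructed approximation of a SYN scan, not a measurement of any particular tool.

```python
"""Model of what a SYN scanner learns from a host that DROPs versus REJECTs
unwanted TCP connections.  Added example; not code from the original thread.

Firewall behaviours modelled, and the iptables target each corresponds to:
    -j DROP                                  silent drop
    -j REJECT --reject-with tcp-reset        TCP RST, as a closed port would send
    -j REJECT                                default: ICMP port-unreachable
"""
from enum import Enum


class Policy(Enum):
    DROP = "-j DROP"
    REJECT_RST = "-j REJECT --reject-with tcp-reset"
    REJECT_ICMP = "-j REJECT"          # icmp-port-unreachable is the default


# Assumed scanner behaviour (constructed for this example): one SYN plus this
# many retransmits, each waiting TIMEOUT_S seconds, before a silent port is
# written off as filtered.
RETRIES = 2
TIMEOUT_S = 1.0


def target_reply(policy, port, allowed_ports, listening_ports):
    """What the target sends back for one SYN.

    Ports in allowed_ports are passed to the TCP stack, which answers SYN-ACK
    if something is listening and RST otherwise (RFC 793 behaviour).  Every
    other port hits the firewall's terminal rule and gets the policy's answer.
    """
    if port in allowed_ports:
        return "SYN-ACK" if port in listening_ports else "RST"
    if policy is Policy.DROP:
        return None                    # nothing at all leaves the host
    if policy is Policy.REJECT_RST:
        return "RST"                   # indistinguishable from a closed port
    return "ICMP-unreach"


def scanner_verdict(reply):
    """Classify a port the way a SYN scan does (nmap's open/closed/filtered)."""
    if reply == "SYN-ACK":
        return "open"
    if reply == "RST":
        return "closed"
    # ICMP unreachable means a filter answered; no answer at all means the
    # probe was dropped somewhere on the path.  Both are reported as filtered.
    return "filtered"


def scan(policy, ports, allowed_ports, listening_ports):
    """Return ({port: verdict}, seconds the scanner spends waiting on silence)."""
    verdicts = {}
    waiting = 0.0
    for port in ports:
        reply = target_reply(policy, port, allowed_ports, listening_ports)
        if reply is None:
            waiting += TIMEOUT_S * (RETRIES + 1)
        verdicts[port] = scanner_verdict(reply)
    return verdicts, waiting


def confirms_delivery(policy, ports, allowed_ports, listening_ports):
    """True when every probe gets *some* packet back.

    This is the property the original question asks about: with RST or ICMP
    replies the scanner learns that its SYNs reached a live host and were not
    swallowed by an inline device; with DROP a filtered port looks the same as
    a host that is down or a path that is black-holing the traffic.
    """
    return all(
        target_reply(policy, p, allowed_ports, listening_ports) is not None
        for p in ports
    )


if __name__ == "__main__":
    allowed, listening = {22, 80}, {22}     # constructed sample host
    for policy in Policy:
        verdicts, waited = scan(policy, [22, 80, 443], allowed, listening)
        print(f"{policy.value:38} {verdicts}  waited {waited:.1f}s  "
              f"delivery confirmed: "
              f"{confirms_delivery(policy, [443], allowed, listening)}")
```

Two practical caveats the model makes visible. With `--reject-with tcp-reset` (valid only on `-p tcp` rules) the firewalled port 443 comes back "closed", exactly like port 80, so the scanner cannot tell a filtered port from an unused one, but it does get a packet for every probe and therefore knows the host is up and reachable; those replies also go to whatever source address was in the packet, so a spoofed SYN flood turns the box into a reflector. With DROP the scanner learns nothing from the silent ports and burns the full retry budget on each one, which is the scan-slowing effect people want, at the cost of legitimate misdirected clients waiting out a connect timeout instead of getting an immediate refusal.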