[Pauldotcom] Drop or rst?
Jody & Jennifer McCluggage
j2mccluggage at adelphia.net
Sat Oct 10 14:25:38 UTC 2009
My vote is for dropping. You still sometimes hear from RFC purists
bemoaning the fact that many block and drop certain ICMP packets at their
router.
_____
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Norman Rach
Sent: Thursday, October 08, 2009 3:42 PM
To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] Drop or rst?
Thanks everyone for your input. I'll add this to the agenda at our next
meeting as discussion points.
Cheers!
NR
_____
From: lostpacket at live.com
To: pauldotcom at mail.pauldotcom.com
Subject: Drop or rst?
Date: Wed, 7 Oct 2009 09:39:07 -0700
Hi Everyone,
I'm currently in a discussion about our current ruleset for iptables.
Whether to be RFC compliant and issue a RST to those scanning/connecting to
undesired ports or to drop the packet completely. By sending a RST back to
the host aren't we letting the srcIP know that the traffic successfully
arrived at the host without being intercepted by a network appliance (i.e.
IDS/IPS, firewall, etc.)?
As far as I can tell this seems to be more of a discussion on one's own
security posture preference. Any feedback is appreciated.
Cheers!
NR