Re: Iptables Clues and Advices.

["Chris Berry" <compjma () hotmail com>]

> Jason Dixon wrote:
> > For all the folks who illusion that DROP is more secure than REJECT, I
> > submit the following:
> >
> > http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
>
> From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
> The flip side is that the person performing scans ties up more of HIS 
> resources, slowing down his progress.
>
> Sorry, I'll stick to DROP.

I have to agree, security isn't any one thing, it's a combination of 
factors, and this is one more thing to make the bad guys job a little 
harder.  The main argument of the document seems to be that users may suffer 
from poor application performance when they're doing something they're not 
supposed to, which in my book is not a problem at all.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Without change, something sleeps inside us, and seldom awakens.  The 
sleeper must awaken." -- Duke Leto Atreides

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------