Firewall Wizards mailing list archives
RE: RE: Help w/ Port 137 Traffic
From: "Stefan Norberg" <stefan () orbisec com>
Date: Mon, 14 Oct 2002 09:16:55 +0200
I build mine very similar to you, with one exception. Any traffic from the inside net that the firewall is supposed to block, I'm REJECTing. That way internal devices don't 'hang' waiting for a timeout. Everything coming in from the outside still gets DROPPED though. But I do prefer to send a RST to hosts on the inside.
I guess the trade-off here is ease-of-use (faster timeouts) vs higher security. It would be a lot easier for an internal attacker to port-scan the DMZ network space to figure out the firewall rules with your suggestion.

Stefan
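
Added example, not part of the original post: a log check for the concern raised above, that REJECTing inside traffic lets an internal host map the rules toward the DMZ quickly. The log layout, the `FW-REJECT` prefix, the interface name and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log layout: netfilter-LOG-style lines, with "FW-REJECT" as a
# hypothetical log prefix set on the rule that REJECTs inside traffic.
LINE_RE = re.compile(
    r"FW-REJECT .*?IN=(?P<iface>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

INSIDE_IFACE = "eth1"   # assumption: interface facing the internal net
THRESHOLD = 5           # distinct rejected targets before a host is flagged


def find_rule_mappers(log_text, threshold=THRESHOLD):
    """Return {src: count} for inside hosts whose rejected connection
    attempts cover at least `threshold` distinct (dst, proto, port) targets."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["iface"] != INSIDE_IFACE:
            continue
        targets[m["src"]].add((m["dst"], m["proto"], int(m["dpt"])))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}


def build_sample_log():
    """Constructed sample data: one host touching many DMZ ports, and one
    host retrying a single blocked service many times."""
    lines = []
    for port in (21, 22, 23, 25, 80, 110, 443):
        lines.append(
            "Oct 14 09:01:02 fw kernel: FW-REJECT IN=eth1 OUT=eth2 "
            f"SRC=10.0.0.23 DST=192.168.50.10 LEN=60 PROTO=TCP SPT=40112 DPT={port}"
        )
    for _ in range(20):
        lines.append(
            "Oct 14 09:02:10 fw kernel: FW-REJECT IN=eth1 OUT=eth2 "
            "SRC=10.0.0.40 DST=192.168.50.11 LEN=60 PROTO=TCP SPT=40500 DPT=137"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    for src, n in find_rule_mappers(build_sample_log()).items():
        print(f"{src}: {n} distinct rejected targets")
```

Counting distinct targets rather than raw rejects keeps a misconfigured client that retries one blocked port from being flagged alongside a host that is walking the rule set.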