PaulDotCom mailing list archives

Drop or rst?

From: lostpacket at live.com (Norman Rach)
Date: Wed, 7 Oct 2009 09:39:07 -0700


Hi Everyone,

 

I'm currently in a discussion about our current ruleset for iptables.  Whether to be RFC compliant and issue a RST to 
those scanning/connecting to undesired ports or to drop the packet completely.  By sending a rst back to the host 
aren't we letting the srcIP know that the traffic successfully arrived to the host without being intercepted by a 
network appliance (i.e. IDS/IPS, firewall, etc)?

 

As far as I can tell this seems to be more of a discussion on one's own security posture preference.  Any feedback is 
appreciated.

 

Cheers!

NR
                                          
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/171222986/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091007/ed0812e5/attachment.htm

Current thread:

Drop or rst? Norman Rach (Oct 07)
- Drop or rst? Ron Gula (Oct 07)
- Drop or rst? Brett Hoff (Oct 07)
  - Drop or rst? Ben Greenfield (Oct 07)
    - Drop or rst? Butturini, Russell (Oct 07)
    - Drop or rst? Nils (Oct 08)
    - Drop or rst? Jack Daniel (Oct 08)
- <Possible follow-ups>
- Drop or rst? Norman Rach (Oct 08)
  - Drop or rst? Michael Douglas (Oct 08)
    - Drop or rst? Jody & Jennifer McCluggage (Oct 10)
    - Drop or rst? Nick Drage (Oct 15)

(Thread continues...)