PaulDotCom mailing list archives
Drop or rst?
From: lostpacket at live.com (Norman Rach)
Date: Wed, 7 Oct 2009 09:39:07 -0700
Hi Everyone,

I'm currently in a discussion about our current ruleset for iptables: whether to be RFC compliant and issue a RST to those scanning/connecting to undesired ports, or to drop the packet completely. By sending a RST back to the host, aren't we letting the srcIP know that the traffic successfully arrived at the host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, etc.)? As far as I can tell, this seems to be more of a discussion on one's own security posture preference.

Any feedback is appreciated.

Cheers!
NR