PaulDotCom mailing list archives

Drop or rst?


From: Russell.Butturini at Healthways.com (Butturini, Russell)
Date: Wed, 7 Oct 2009 14:57:43 -0500

+1 for the opinions expressed so far.  Most commercial firewalls even
have a "stealth mode" type feature that turns this sort of functionality
on for you.

________________________________

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Ben
Greenfield
Sent: Wednesday, October 07, 2009 2:53 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Drop or rst?

 

I agree with Brett and Ron: to an attacker / pen tester, a silently
dropped packet doesn't offer much.  A reset packet is a lot more
indicative that some processing occurred.

On Wed, Oct 7, 2009 at 2:52 PM, Brett Hoff <bhoff at itworldclass.com>
wrote:

I also like to drop silently.

I have built and monitor over 100 firewalls and almost always choose
this option.

Brett Hoff
RHCT, Linux +, Security+
Senior Security and Linux instructor
Senior IT Security Engineer
GCFA "Certified Forensics Analyst"
Antler Computer Consulting

Antler, Inc.
We do IT World Class!
850-857-7707
itworldclass.com

________________________________

From: pauldotcom-bounces at mail.pauldotcom.com [mailto:
pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Norman Rach
Sent: Wednesday, October 07, 2009 11:39 AM
To: pauldotcom at mail.pauldotcom.com
Subject: [Pauldotcom] Drop or rst?

Hi Everyone,
 
I'm currently in a discussion about our current ruleset for iptables:
whether to be RFC compliant and issue a RST to those scanning/connecting
to undesired ports, or to drop the packet completely.  By sending a RST
back to the host, aren't we letting the srcIP know that the traffic
successfully arrived at the host without being intercepted by a network
appliance (i.e. IDS/IPS, firewall, etc)?
 
As far as I can tell this seems to be more of a discussion on one's own
security posture preference.  Any feedback is appreciated.
 
Cheers!
NR
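
The choice raised in this thread, as an added example that is not part of any poster's message: a short Python audit that reads an iptables-save style ruleset and reports what a remote sender gets back from each rule (nothing, a TCP RST, or an ICMP error). The ruleset is constructed, and the ports and function names are assumptions made for illustration.

```python
import shlex

# Constructed iptables-save excerpt (not from the thread); ports are arbitrary.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 113 -j REJECT
-A INPUT -p tcp -m tcp --dport 445 -j DROP
COMMIT
"""

def reply_for(target, reject_with=None):
    """Describe what the remote sender receives for a terminating target."""
    if target == "DROP":
        return "nothing (silent drop)"
    if target == "REJECT":
        if reject_with == "tcp-reset":
            return "TCP RST"
        # REJECT without --reject-with answers with icmp-port-unreachable.
        return f"ICMP error ({reject_with or 'icmp-port-unreachable'})"
    if target == "ACCEPT":
        return "passed to local stack"  # the reply then depends on the listener
    return "unknown"

def audit(ruleset, chain="INPUT"):
    """Return the chain policy and, per rule, (dport, target, reply)."""
    policy, rules = None, []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == f":{chain}":
            policy = tok[1]  # e.g. ":INPUT DROP [0:0]"
        elif tok[:2] == ["-A", chain] and "-j" in tok:
            def opt(name):
                return tok[tok.index(name) + 1] if name in tok else None
            target = opt("-j")
            rules.append((opt("--dport"), target,
                          reply_for(target, opt("--reject-with"))))
    return {"policy": policy, "default_reply": reply_for(policy), "rules": rules}

if __name__ == "__main__":
    report = audit(SAMPLE_RULESET)
    print(f"chain policy {report['policy']}: {report['default_reply']}")
    for dport, target, reply in report["rules"]:
        print(f"dport {dport or 'any':>4}  {target:<6} -> {reply}")
```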
