Security Basics mailing list archives

RE: DROP or REJECT FILTERS for fragmented TCP scans

From: "Jon Pastore" <jpastore () idetech net>
Date: Thu, 17 Apr 2003 13:47:01 -0400

I use drop rules in most cases since it doesn't give a response and
pretends like it's not there as a reject would send back a packet
letting someone know maybe they can't get in this way but there is
something there to get into....people wont try to attack what they don't
know is there...

Jon Pastore, President
IDE Tech, Inc.
(954) 360-0393 Office
(954) 428-0442 Fax



-----Original Message-----
From: Ali Saifullah Khan [mailto:saifullah () attitudex com] 
Sent: Thursday, April 17, 2003 2:02 AM
To: security-basics () securityfocus com
Subject: DROP or REJECT FILTERS for fragmented TCP scans


How effective ( if affective ) would either IPTABLES REJECT or DROP
filters be in the case of fragmented scans where the TCP header is
divided over a range of smaller packets ? 

Regards,
Ali Saifullah Khan

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Select your own custom email address for FREE! Get you () yourchoice com
w/No Ads, 6MB, POP & more!
http://www.everyone.net/selectmail?campaign=tag

------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by
professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no
vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today
to 
ensure your place.
http://www.securityfocus.com/BlackHat-security-basics 
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------

Current thread:

DROP or REJECT FILTERS for fragmented TCP scans Ali Saifullah Khan (Apr 17)
- RE: DROP or REJECT FILTERS for fragmented TCP scans Jon Pastore (Apr 17)
- RE: DROP or REJECT FILTERS for fragmented TCP scans David Gillett (Apr 17)