PaulDotCom mailing list archives

Drop or rst?


From: rgula at tenablesecurity.com (Ron Gula)
Date: Wed, 07 Oct 2009 14:30:04 -0400

I'm in favor of dropping silently.

- Your IP space can't be used to send RST packets to another target if
someone spoofs packets to you.
- It's potentially less CPU usage for your firewall.
- You don't give out any info about your firewall.

Ron Gula
Tenable Network Security

Norman Rach wrote:
Hi Everyone,
 
I'm currently in a discussion about our current ruleset for iptables.
Whether to be RFC compliant and issue a RST to those scanning/connecting
to undesired ports or to drop the packet completely.  By sending a RST
back to the host aren't we letting the srcIP know that the traffic
successfully arrived at the host without being intercepted by a network
appliance (i.e. IDS/IPS, firewall, etc)?
 
As far as I can tell this seems to be more of a discussion on one's own
security posture preference.  Any feedback is appreciated.
 
Cheers!
NR





-- 
Ron Gula, CEO
Tenable Network Security
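The two stances discussed above, written out as iptables rules. This is an added example, not code from the thread or from either poster. The REJECT target with tcp-reset is what "issue a RST" means in iptables terms; DROP is the silent choice. The allowed port list, the log prefix and the rate-limit figures are constructed for illustration. The reset variant is rate-limited so that the host cannot be turned into a RST reflector at line rate if someone spoofs SYNs at it (Ron's first point), and both variants log a sample of closed-port probes so that staying silent on the wire does not also mean staying blind. The functions only emit the rules as text, so the script runs without root; pipe the output into sh on a test box to apply it.

```shell
#!/bin/sh
# Added example: DROP vs REJECT --reject-with tcp-reset for closed TCP ports.
# Not from the original thread; port list and limits are assumptions.

# TCP ports that should answer (constructed example list).
ALLOWED_TCP="22 443"

# Emit the rule(s) that handle every SYN not explicitly allowed.
# $1 is "drop" (silent discard) or "reset" (RFC-style RST, rate-limited).
closed_port_rule() {
  case "$1" in
    drop)
      echo "iptables -A INPUT -p tcp --syn -j DROP"
      ;;
    reset)
      # Answer with a RST, but cap the rate so spoofed SYNs cannot make this
      # host emit RSTs at a third party without bound; the excess is dropped.
      echo "iptables -A INPUT -p tcp --syn -m limit --limit 50/s --limit-burst 100 -j REJECT --reject-with tcp-reset"
      echo "iptables -A INPUT -p tcp --syn -j DROP"
      ;;
    *)
      echo "usage: closed_port_rule drop|reset" >&2
      return 1
      ;;
  esac
}

# Emit a complete INPUT ruleset for the chosen stance, one command per line.
ruleset() {
  mode="$1"
  echo "iptables -P INPUT DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for p in $ALLOWED_TCP; do
    echo "iptables -A INPUT -p tcp --dport $p --syn -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Log a sample of closed-port probes whichever stance is chosen, so the
  # scan is still visible to the defender even when nothing is sent back.
  echo "iptables -A INPUT -p tcp --syn -m limit --limit 5/min -j LOG --log-prefix \"closed-port: \""
  closed_port_rule "$mode"
}

# Number of commands a stance produces; the two differ only in the tail.
rule_count() {
  ruleset "$1" | wc -l | tr -d ' '
}

# Usage: ruleset drop | sudo sh      (or: ruleset reset | sudo sh)
```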



