PaulDotCom mailing list archives
Drop or rst?
From: bcg at struxural.com (Ben Greenfield)
Date: Wed, 7 Oct 2009 15:53:06 -0400
I agree with Brett and Ron: to an attacker / pen tester a silently dropped packet doesn't offer much. A reset packet is a lot more indicative that some processing occurred.

On Wed, Oct 7, 2009 at 2:52 PM, Brett Hoff <bhoff at itworldclass.com> wrote:

> I also like to drop silently. I have built and monitor over 100 firewalls and almost always choose this option.
>
> Brett Hoff
> RHCT, Linux+, Security+
> Senior Security and Linux instructor
> Senior IT Security Engineer
> GCFA "Certified Forensics Analyst"
> Antler Computer Consulting, Antler, Inc.
>
> From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Norman Rach
> Sent: Wednesday, October 07, 2009 11:39 AM
> To: pauldotcom at mail.pauldotcom.com
> Subject: [Pauldotcom] Drop or rst?
>
> Hi Everyone,
>
> I'm currently in a discussion about our current ruleset for iptables: whether to be RFC compliant and issue a RST to those scanning/connecting to undesired ports, or to drop the packet completely. By sending a RST back to the host aren't we letting the srcIP know that the traffic successfully arrived at the host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, etc.)? As far as I can tell this seems to be more of a discussion on one's own security posture preference. Any feedback is appreciated.
>
> Cheers!
> NR
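The two iptables choices the thread debates, as an added example that is not from any of the posters: a small POSIX shell script that builds an INPUT chain which either silently drops unwanted TCP SYNs (a scanner sees the port as filtered and nothing goes back out) or answers them with a TCP RST (the port looks closed, and every probe costs the host an outbound packet). The `ipt` wrapper, the `IPT_DRY_RUN` variable and the allowed ports 22/443 are assumptions of the example; with `IPT_DRY_RUN=1` (the default) it only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. Builds an INPUT chain that handles
# unwanted TCP traffic either with DROP (silent) or REJECT with a TCP RST.
# IPT_DRY_RUN is an assumed variable name: 1 = print rules, 0 = apply them.
IPT_DRY_RUN="${IPT_DRY_RUN:-1}"

# Wrapper so the rule set can be reviewed without touching the live firewall.
ipt() {
    if [ "$IPT_DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# policy_rules MODE: MODE is "drop" (silent, scanner sees "filtered")
# or "reset" (RFC-style RST, scanner sees "closed").
policy_rules() {
    mode="$1"
    ipt -P INPUT DROP
    ipt -A INPUT -i lo -j ACCEPT
    # Keep replies to connections this host opened itself.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Services we actually offer (assumed: SSH and HTTPS).
    ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
    # Log unwanted traffic at a bounded rate so a scan cannot flood the log.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-UNWANTED:"
    case "$mode" in
        drop)  ipt -A INPUT -p tcp -j DROP ;;
        reset) ipt -A INPUT -p tcp -j REJECT --reject-with tcp-reset ;;
        *)     echo "usage: policy_rules drop|reset" >&2; return 1 ;;
    esac
    # Everything else (UDP, ICMP, ...) is dropped silently in both modes.
    ipt -A INPUT -j DROP
}

# last_tcp_rule MODE: the rule that decides the fate of unwanted TCP,
# handy for checking which behaviour a generated rule set has.
last_tcp_rule() {
    policy_rules "$1" | grep -- '-p tcp -j' | tail -n 1
}
```

Run `IPT_DRY_RUN=0 sh script.sh` only on a host whose existing INPUT chain you are prepared to replace, since the script sets the default policy to DROP before the ACCEPT rules are in place.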