PaulDotCom mailing list archives
Drop or rst?
From: nils at hemmann.de (Nils)
Date: Thu, 08 Oct 2009 14:23:31 +0200
I totally agree when you don't need to do connectivity troubleshooting on a frequent basis. But in our test plant environment RSTs come in handy when we troubleshoot remote connections going through several firewalls.

Nils

Butturini, Russell wrote:

> +1 for the opinions expressed so far. Most commercial firewalls even have a "stealth mode" type feature that turns this sort of functionality on for you.
>
> ------------------------------------------------------------------------
> From: pauldotcom-bounces at mail.pauldotcom.com On Behalf Of Ben Greenfield
> Sent: Wednesday, October 07, 2009 2:53 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] Drop or rst?
>
> I agree with Brett and Ron: to an attacker / pen tester a silently dropped packet doesn't offer much. A reset packet is a lot more indicative that some processing occurred.
>
> On Wed, Oct 7, 2009 at 2:52 PM, Brett Hoff <bhoff at itworldclass.com> wrote:
>
>> I also like to drop silently. I have built and monitor over 100 firewalls and almost always choose this option.
>>
>> Brett Hoff
>> RHCT, Linux+, Security+
>> Senior Security and Linux Instructor
>> Senior IT Security Engineer
>> GCFA "Certified Forensics Analyst"
>> Antler Computer Consulting, Antler, Inc. We do IT World Class!
>> 850-857-7707
>> itworldclass.com
>>
>> ------------------------------------------------------------------------
>> From: pauldotcom-bounces at mail.pauldotcom.com On Behalf Of Norman Rach
>> Sent: Wednesday, October 07, 2009 11:39 AM
>> To: pauldotcom at mail.pauldotcom.com
>> Subject: [Pauldotcom] Drop or rst?
>>
>> Hi Everyone,
>>
>> I'm currently in a discussion about our current ruleset for iptables: whether to be RFC compliant and issue a RST to those scanning/connecting to undesired ports, or to drop the packet completely. By sending a rst back to the host aren't we letting the srcIP know that the traffic successfully arrived at the host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, etc)? As far as I can tell this seems to be more of a discussion on one's own security posture preference. Any feedback is appreciated.
>>
>> Cheers!
>> NR

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
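A middle ground between the two positions in this thread, as an added example that is not from any of the posters: an iptables-restore ruleset generator that answers unwanted connects with a RST only when the source is a trusted troubleshooting network (Nils's test-plant case) and silently drops, with rate-limited logging, everything else (the default Brett and Ben argue for). The network ranges and allowed ports are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): generate an IPv4 filter table in
# iptables-restore syntax. Trusted nets get REJECT/tcp-reset so a tester
# inside the plant can tell "closed on this host" from "filtered on the path";
# every other source is dropped silently. Values below are constructed.

TRUSTED_NETS="${TRUSTED_NETS:-10.10.0.0/16 192.168.50.0/24}"  # assumed admin/test nets
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 443}"              # services the host offers

emit() { printf '%s\n' "$1"; }   # printf avoids echo's option parsing of "-A ..."

# Emit the complete ruleset on stdout.
gen_ruleset() {
    emit '*filter'
    emit ':INPUT DROP [0:0]'            # default policy: silent drop
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    emit ':UNWANTED - [0:0]'            # chain for traffic nothing else accepted
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in $ALLOWED_TCP_PORTS; do
        emit "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    emit '-A INPUT -j UNWANTED'
    # Trusted sources: RFC-style refusal (tcp-reset is only valid with -p tcp).
    for net in $TRUSTED_NETS; do
        emit "-A UNWANTED -s $net -p tcp -j REJECT --reject-with tcp-reset"
        emit "-A UNWANTED -s $net -p udp -j REJECT --reject-with icmp-port-unreachable"
    done
    # Everyone else: bounded logging so a scan cannot flood syslog, then silent drop.
    emit '-A UNWANTED -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: "'
    emit '-A UNWANTED -j DROP'
    emit 'COMMIT'
}

# Count the lines of a ruleset ($1) matching a pattern ($2), e.g. 'tcp-reset'.
count_rules() {
    printf '%s\n' "$1" | grep -c -- "$2"
}

# Stand-alone use: ./gen.sh --write rules.v4   (then: iptables-restore < rules.v4)
if [ "${1:-}" = "--write" ]; then
    gen_ruleset > "${2:-rules.v4}"
fi
```

Review the generated file before loading it; a mistake in the allowed-port list locks out the very management access the trusted-net RST rules are meant to help troubleshoot.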
Current thread:
- Drop or rst? Norman Rach (Oct 07)
- Drop or rst? Ron Gula (Oct 07)
- Drop or rst? Brett Hoff (Oct 07)
- Drop or rst? Ben Greenfield (Oct 07)
- Drop or rst? Butturini, Russell (Oct 07)
- Drop or rst? Nils (Oct 08)
- Drop or rst? Jack Daniel (Oct 08)
- Drop or rst? Ben Greenfield (Oct 07)
- <Possible follow-ups>
- Drop or rst? Norman Rach (Oct 08)
- Drop or rst? Michael Douglas (Oct 08)
- Drop or rst? Jody & Jennifer McCluggage (Oct 10)
- Drop or rst? Nick Drage (Oct 15)
- Drop or rst? Michael Douglas (Oct 08)
- Drop or rst? Jody & Jennifer McCluggage (Oct 10)
- Drop or rst? Don Thomas (Oct 10)
- TheMiddler Nils (Oct 11)
- TheMiddler Rob Fuller (Oct 11)
- TheMiddler Nils (Oct 12)