PaulDotCom mailing list archives

Drop or rst?

From: don.thomas.cissp at gmail.com (Don Thomas)
Date: Sat, 10 Oct 2009 11:59:59 -0700

Depending on the Firewall, you might be able to do both.  If the packet is
coming from a know trusted source, send a RST.  If source is unknown, drop
it.

You can do that for icmp too...

Cheers!
-dt
On Sat, Oct 10, 2009 at 7:25 AM, Jody & Jennifer McCluggage <
j2mccluggage at adelphia.net> wrote:

 Mt vote is for dropping.  You still sometimes hear from RFC purists
bemoaning the fact that many block and drop certain ICMP packets at their
router.


 ------------------------------

*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *Norman Rach
*Sent:* Thursday, October 08, 2009 3:42 PM
*To:* pauldotcom at mail.pauldotcom.com
*Subject:* Re: [Pauldotcom] Drop or rst?



Thanks everyone for your input.  I'll add this to the agenda at our next
meeting as discussion points.

Cheers!
NR
  ------------------------------

From: lostpacket at live.com
To: pauldotcom at mail.pauldotcom.com
Subject: Drop or rst?
Date: Wed, 7 Oct 2009 09:39:07 -0700

Hi Everyone,

I'm currently in a discussion about our current ruleset for iptables.
Whether to be RFC compliant and issue a RST to those scanning/connecting to
undesired ports or to drop the packet completely.  By sending a rst back to
the host aren't we letting the srcIP know that the traffic
successfully arrived to the host without being intercepted by a network
appliance (i.e. IDS/IPS, firewall, etc)?

As far as I can tell this seems to be more of a discussion on one's own
security posture preference.  Any feedback is appreciated.

Cheers!
NR
 ------------------------------

Hotmail: Powerful Free email with security by Microsoft. Get it now.<http://clk.atdmt.com/GBL/go/171222986/direct/01/>
 ------------------------------

Hotmail: Trusted email with Microsoft?s powerful SPAM protection. Sign up
now. <http://clk.atdmt.com/GBL/go/177141664/direct/01/>

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.421 / Virus Database: 270.14.8/2423 - Release Date: 10/08/09
18:33:00


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091010/33da4564/attachment.htm

Current thread:

Drop or rst?, (continued)
- Drop or rst? Brett Hoff (Oct 07)
  - Drop or rst? Ben Greenfield (Oct 07)
    - Drop or rst? Butturini, Russell (Oct 07)
    - Drop or rst? Nils (Oct 08)
    - Drop or rst? Jack Daniel (Oct 08)
- Drop or rst? Norman Rach (Oct 08)
  - Drop or rst? Michael Douglas (Oct 08)
    - Drop or rst? Jody & Jennifer McCluggage (Oct 10)
    - Drop or rst? Nick Drage (Oct 15)
  - Drop or rst? Jody & Jennifer McCluggage (Oct 10)
    - Drop or rst? Don Thomas (Oct 10)
    - TheMiddler Nils (Oct 11)
    - TheMiddler Rob Fuller (Oct 11)
    - TheMiddler Nils (Oct 12)
    - TheMiddler Nils (Oct 19)