Re: iptables REJECT types for UDP (if any)
From: Philipp Schulte (pschulte@uni-duisburg.de)
Date: 11/17/02
Date: Sun, 17 Nov 2002 03:11:16 +0100
From: Philipp Schulte <pschulte@uni-duisburg.de>
To: focus-linux@securityfocus.com

Miguel Angel Rodríguez Jódar wrote:

> > using -j DROP as a target, what I want to know is what types
> > of REJECT
> > can be used for UDP packets? Thanks.
>
> AFAIK, UDP packets are not reliable

This is misleading. UDP (as opposed to TCP) is a connection-less
protocol. That means that UDP itself doesn't check if packets made
their way. But this doesn't make the UDP-packets themselves less
reliable than TCP-packets.

> haven't got things like the RST option in their headers as TCP
> packets have, so dropping it is your only choice.

While it is true that UDP doesn't know such a thing as RST, dropping
them is _not_ the only choice. The equivalent to TCP-RST would be to
send an ICMP-PortUnreachable.

Phil
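
The difference between the two answers discussed in this message, seen from the sending side, as an added example (not part of the original post): a client that receives an ICMP port unreachable fails immediately, while one whose datagram is silently discarded can only time out. The function names are hypothetical, and the constructed test case uses the kernel's own reply for a closed loopback port, which is the same ICMP type 3 / code 3 message that `-j REJECT --reject-with icmp-port-unreachable` sends.

```python
import socket

# Firewall rule under discussion (shown for reference, not executed here):
#   iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
# versus
#   iptables -A INPUT -p udp -j DROP


def find_closed_udp_port():
    """Bind an ephemeral UDP port on loopback, then release it so nothing listens there."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe_udp(host, port, timeout=1.0):
    """Send one datagram and classify the response.

    'rejected' - an ICMP port unreachable came back (REJECT, or a closed port)
    'silent'   - nothing came back before the timeout (DROP, or a quiet service)
    'answered' - the peer replied with a datagram
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # A connected UDP socket lets the kernel hand ICMP errors back to us.
        s.connect((host, port))
        s.send(b"probe")
        s.recv(1024)
        return "answered"
    except ConnectionRefusedError:
        return "rejected"
    except socket.timeout:
        return "silent"
    finally:
        s.close()


if __name__ == "__main__":
    # Constructed test cases on loopback only.
    closed = find_closed_udp_port()
    print("closed port:", probe_udp("127.0.0.1", closed))
    quiet = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    quiet.bind(("127.0.0.1", 0))  # bound but never replies: looks like DROP
    print("quiet port: ", probe_udp("127.0.0.1", quiet.getsockname()[1], 0.5))
    quiet.close()
```

Run against a host you administer after loading each rule, the result shows which behaviour legitimate clients will actually experience: an immediate error with REJECT, or a wait for the full timeout with DROP.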