RE: iptables REJECT types for UDP (if any)
From: Simon Byrnand (simon@igrin.co.nz)
Date: 11/21/02
Date: Thu, 21 Nov 2002 12:15:27 +1300
To: Miguel Angel Rodríguez Jódar <rodriguj@atc.us.es>, "'Richard Dicaire'" <rdicaire@kritek.net>
From: Simon Byrnand <simon@igrin.co.nz>

At 18:01 16/11/02 +0100, Miguel Angel Rodríguez Jódar wrote:
>> using -j DROP as a target, what I want to know is what types
>> of REJECT
>> can be used for UDP packets? Thanks.
>
>AFAIK, UDP packets are not reliable, and haven't got things like the
>RST option in their headers as TCP packets have, so dropping it is your
>only choice.

Not true,

While UDP doesn't have RST, you can still send an ICMP destination port
unreachable error, which has the same effect.

In fact, if you use TCPDUMP I think you'll find that the REJECT rule for
both UDP *and* TCP uses ICMP destination port unreachables.

This makes it possible to tell the difference with a scanner between a TCP
port which is really closed (sends a RST) and a TCP port that is firewalled
with REJECT. (Sends an ICMP DEST UNREACH)

Regards,
Simon
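
Added example (not part of Simon's message or of the thread): a small Python classifier for the replies he describes seeing in tcpdump. It separates a TCP RST from an ICMP destination unreachable and reads the rejected protocol and port from the packet quoted inside the ICMP error. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

# ICMP type 3 (destination unreachable) codes, named as in iptables' --reject-with option.
UNREACH = {0: "net-unreachable", 1: "host-unreachable", 2: "proto-unreachable",
           3: "port-unreachable", 9: "net-prohibited", 10: "host-prohibited",
           13: "admin-prohibited"}

def classify_reply(pkt: bytes) -> str:
    """Classify one raw IPv4 packet (no link-layer header) seen in reply to a probe."""
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    proto, body = pkt[9], pkt[ihl:]
    if proto == 6:                          # TCP: flags are byte 13 of the TCP header
        return "tcp-rst" if body[13] & 0x04 else "tcp-other"
    if proto == 1 and body[0] == 3:         # ICMP destination unreachable
        inner = body[8:]                    # quoted IP header + 8 bytes of the rejected packet
        inner_ihl = (inner[0] & 0x0F) * 4
        l4 = {6: "tcp", 17: "udp"}.get(inner[9], f"proto-{inner[9]}")
        (dport,) = struct.unpack_from("!H", inner, inner_ihl + 2)
        return f"icmp-{UNREACH.get(body[1], f'code-{body[1]}')} for {l4}/{dport}"
    return "other"

# --- constructed sample packets (documentation addresses, checksums left at 0) ---
HOST, CLIENT = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])

def ip_header(proto: int, payload_len: int, src: bytes, dst: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)

def icmp_port_unreach(quoted: bytes) -> bytes:
    return ip_header(1, 8 + len(quoted), HOST, CLIENT) + struct.pack("!BBHI", 3, 3, 0, 0) + quoted

# Closed TCP port: the host's own stack answers with RST|ACK (flags 0x14).
CLOSED_TCP = ip_header(6, 20, HOST, CLIENT) + struct.pack("!HHIIBBHHH", 80, 40000, 0, 1, 0x50, 0x14, 0, 0, 0)
# TCP port behind a REJECT rule that answers with ICMP: the error quotes the client's SYN.
REJECTED_TCP = icmp_port_unreach(ip_header(6, 20, CLIENT, HOST) + struct.pack("!HHI", 40000, 80, 0))
# UDP port behind REJECT: same ICMP error, quoting the UDP header.
REJECTED_UDP = icmp_port_unreach(ip_header(17, 8, CLIENT, HOST) + struct.pack("!HHHH", 40000, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("closed tcp", CLOSED_TCP), ("rejected tcp", REJECTED_TCP), ("rejected udp", REJECTED_UDP)]:
        print(f"{name:13} -> {classify_reply(pkt)}")
```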