Re: iptables and port scan
From: Cedric Blancher (blancher@cartel-securite.fr)
Date: 02/12/02
From: Cedric Blancher <blancher@cartel-securite.fr> Date: Tue, 12 Feb 2002 09:08:10 +0000 (UTC)
In his prose, Lutz Donnerhacke (lutz@iks-jena.de) wrote to us:
> Dropping legal connections is BAD. Use REJECT instead.
> http://www.blood-thirsty-barbarians.de/Firewall.html#Deny
On an RFC basis, it is true. But, on a behaviour basis, I do not see the
point in using REJECT.

I plug a host that provides some services onto the Internet. These services
are "advertised", that is, I declare them publicly accessible. Someone
who wants to reach that host has no reason to try connecting to some
other service. If he does so, his behaviour is no longer normal, so I do
not see why I should offer him a normal response, even if his connection
is legal on an RFC basis.
-- 
BOFH excuse #414: tachyon emissions overloading the system