PaulDotCom mailing list archives
Drop or rst?
From: don.thomas.cissp at gmail.com (Don Thomas)
Date: Sat, 10 Oct 2009 11:59:59 -0700
Depending on the Firewall, you might be able to do both. If the packet is coming from a known trusted source, send a RST. If source is unknown, drop it. You can do that for icmp too...

Cheers!
-dt

On Sat, Oct 10, 2009 at 7:25 AM, Jody & Jennifer McCluggage <j2mccluggage at adelphia.net> wrote:

My vote is for dropping. You still sometimes hear from RFC purists bemoaning the fact that many block and drop certain ICMP packets at their router.

------------------------------
*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of* Norman Rach
*Sent:* Thursday, October 08, 2009 3:42 PM
*To:* pauldotcom at mail.pauldotcom.com
*Subject:* Re: [Pauldotcom] Drop or rst?

Thanks everyone for your input. I'll add this to the agenda at our next meeting as discussion points.

Cheers!
NR

------------------------------
From: lostpacket at live.com
To: pauldotcom at mail.pauldotcom.com
Subject: Drop or rst?
Date: Wed, 7 Oct 2009 09:39:07 -0700

Hi Everyone,

I'm currently in a discussion about our current ruleset for iptables. Whether to be RFC compliant and issue a RST to those scanning/connecting to undesired ports or to drop the packet completely. By sending a rst back to the host aren't we letting the srcIP know that the traffic successfully arrived to the host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, etc)? As far as I can tell this seems to be more of a discussion on one's own security posture preference. Any feedback is appreciated.

Cheers!
NR
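The split policy suggested in the reply above (RST to known trusted sources, drop for everything else), written out as an added example that is not part of the original thread: a shell function that emits an `iptables-restore` ruleset. The trusted networks, the open ports, and the choice to accept ping only from trusted sources are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: trusted sources get an RFC-style refusal, everyone else
# gets silence. Addresses and ports are constructed sample values.
TRUSTED_NETS="192.0.2.0/24 198.51.100.17/32"
OPEN_TCP_PORTS="22 443"

# gen_ruleset "<trusted CIDRs>" "<open TCP ports>" -> iptables-restore text
gen_ruleset() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for net in $1; do
        case "$net" in
            *[!0-9./]*) echo "bad CIDR: $net" >&2; return 1 ;;
        esac
    done
    for port in $2; do
        case "$port" in
            *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done

    printf '%s\n' '*filter'
    # Default policy DROP: unknown sources see no reply at all.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in $2; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    for net in $1; do
        # Closed TCP port: answer with RST, as a host with no firewall would.
        printf '%s\n' "-A INPUT -s $net -p tcp -j REJECT --reject-with tcp-reset"
        # Closed UDP port: ICMP port-unreachable is the equivalent refusal.
        printf '%s\n' "-A INPUT -s $net -p udp -j REJECT --reject-with icmp-port-unreachable"
        # One reading of "do that for icmp too": only trusted sources get ping replies.
        printf '%s\n' "-A INPUT -s $net -p icmp --icmp-type echo-request -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

gen_ruleset "$TRUSTED_NETS" "$OPEN_TCP_PORTS"
```

Pipe the output through `iptables-restore --test` to syntax-check it before loading. Rule order matters: the per-source REJECT rules must come before the chain falls through to the DROP policy.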