reject: let the client know his packet has been dumped, the same action that
would happen if you were trying to connect to a service that was not
running.
Useful in making your server appear dumb (not running a firewall type
thing).


deny: throw the packet away, don't send a response.  The attempt will
eventually time out, useful in making portscans take a long time, and
strong evidence that you have some sort of filtering in place.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Bennett Samowich
> Sent: Wednesday, September 08, 1999 4:43 AM
> To: Firewalls
> Subject: deny or reject
>
>
> This may be another newbie question, when "dis-allowing" certain packets
> is it better to deny or reject? Why the different actions?
>
> Thanks
> - Bennett
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
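
Added example, not part of the original message: a Python sketch of how the two actions look from the connecting side, useful for checking that a rule on your own host behaves as intended. The function names are hypothetical; on loopback with no filter only the "accepted" and "refused" outcomes can be produced, and the "no-response" branch is what a deny rule would yield.

```python
import errno
import socket
import time


def probe(host, port, timeout=2.0):
    """Classify how one TCP connection attempt to host:port ends.

    Returns (verdict, seconds):
      "accepted"     - handshake completed, something is listening
      "refused"      - an explicit refusal came back at once
                       (closed port, or a reject rule imitating one)
      "no-response"  - nothing came back before the timeout
                       (what a deny rule looks like to the client)
      "error:<NAME>" - some other explicit error, e.g. EHOSTUNREACH
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "accepted"
    except ConnectionRefusedError:
        verdict = "refused"
    except socket.timeout:
        verdict = "no-response"
    except OSError as exc:
        verdict = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def closed_loopback_port():
    """Return a loopback port with no listener (constructed fixture)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Probe one listening and one closed loopback port (constructed setup)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    try:
        return {"listening": probe("127.0.0.1", listener.getsockname()[1]),
                "closed": probe("127.0.0.1", closed_loopback_port())}
    finally:
        listener.close()
```

The elapsed time is the practical difference: a refusal returns almost immediately, while a silently discarded attempt costs the caller the full timeout.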
