On 17 Jul 00, at 16:07, Fredy Santana wrote:

> I read your questions, but I have a question: What is the difference
> between "refused" and "dropped"?

Someone knocks on the door.  You don't want to talk to them.  
Actually, you'd like them to think you're not home.  (Imagine this is 
the bill collector, and you *REALLY* don't want to talk to them!)  
Would you rather (1) sit really still and not make a sound until he 
goes away, or (2) yell at the top of your voice "No one's home!"?

Refused is the equivalent of (2), drop is the equivalent of (1).  
Ideally I should be able to choose the behavior I want, but if that's 
asking too much, I want the drop not the refusal.  Let's say you have 
only a couple of ports open.  If a scanner doesn't happen to scan 
those ports, and you're dropping, the scanner won't even know you're 
there -- there's no perceptible difference between not having a host 
connected at that IP address and a drop.  If you're refusing, the 
scanner is notified instantaneously that you refuse, and can say 
"Aha!  someone's here and not letting me into this port.  I wonder 
what else I can get into."  It's like an advertisement that you're 
accepting services *somewhere*.  Not the right behavior at all, 
normally, for a good firewall ...

You might choose refusal over drop in an unusual circumstance, like 
moving services to a new host, keeping the old one around for a while 
but taking down the services.  That way the refusal is more aimed at 
your real users than someone trolling for holes.  But I would think 
this would be the exception.

---
#include <disclaimer.h>
Jim Rosenberg
Ross Mould
259 S. College St.
Washington, PA  15301
(724) 222-7006 x 189
E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
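The "knock on the door" argument above can be made concrete with a small model of what a connect attempt sees on the wire. This is an added example and not code from the thread: it assumes the usual TCP semantics (a SYN to an open port gets a SYN/ACK; a SYN to a closed port on a "refuse" firewall gets an RST or ICMP unreachable, which the client sees as an immediate connection-refused error; a SYN to a closed port on a "drop" firewall gets nothing until the client's timer expires). The `Host`, `Policy`, `Verdict` names and all timings are constructed for the illustration. It shows the two points Jim makes: a drop policy makes a host that exposes no scanned ports indistinguishable from an empty IP address, while a refuse policy lets a legitimate client of a decommissioned service fail fast instead of waiting out the timeout.

```python
"""Constructed model of how a firewall's closed-port policy looks to a client.

Assumptions (not from the original thread):
  - open port      -> SYN/ACK after one round trip
  - refuse policy  -> RST / ICMP unreachable after one round trip
  - drop policy    -> silence; the client gives up when its timer expires
"""
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    REFUSE = "refuse"   # answer probes to closed ports (RST or ICMP unreachable)
    DROP = "drop"       # say nothing at all


class Verdict(Enum):
    OPEN = "open"        # SYN/ACK came back: service is listening
    REFUSED = "refused"  # RST came back: a host is there, port is closed
    TIMEOUT = "timeout"  # nothing came back before the probe timer expired


@dataclass(frozen=True)
class Host:
    open_ports: frozenset   # ports with a listening service
    policy: Policy          # what happens to everything else
    rtt_ms: int = 50        # constructed round-trip time in milliseconds


ABSENT = None  # nothing at all lives at that IP address


def probe(host, port, timeout_ms=3000):
    """One TCP connect attempt.

    Returns (verdict, milliseconds the client waited for an answer).
    """
    if host is ABSENT:
        return Verdict.TIMEOUT, timeout_ms
    if port in host.open_ports:
        return Verdict.OPEN, host.rtt_ms
    if host.policy is Policy.REFUSE:
        return Verdict.REFUSED, host.rtt_ms
    return Verdict.TIMEOUT, timeout_ms


def scan(host, ports, timeout_ms=3000):
    """Probe every port in `ports`.

    Returns (verdict per port, whether anything perceptibly answered,
    total milliseconds the prober spent waiting).
    """
    results = {p: probe(host, p, timeout_ms) for p in ports}
    verdicts = {p: v for p, (v, _) in results.items()}
    present = any(v is not Verdict.TIMEOUT for v in verdicts.values())
    waited = sum(t for _, t in results.values())
    return verdicts, present, waited


if __name__ == "__main__":
    # Constructed scenario: a host offering only SSH and HTTP, scanned on
    # three ports it does not serve.
    scanned = [21, 23, 25]
    dropper = Host(frozenset({22, 80}), Policy.DROP)
    refuser = Host(frozenset({22, 80}), Policy.REFUSE)

    for label, h in (("drop", dropper), ("refuse", refuser), ("no host", ABSENT)):
        verdicts, present, waited = scan(h, scanned)
        print(f"{label:8s} present={present!s:5s} waited={waited}ms "
              f"{ {p: v.value for p, v in verdicts.items()} }")

    # A real user trying the old mail port after the service moved away:
    for label, h in (("drop", dropper), ("refuse", refuser)):
        print(f"legit client vs {label}: fails after {probe(h, 25)[1]}ms")
```

Run it and the dropping host produces exactly the same verdicts and waiting time as an empty address, so a scanner that misses the two open ports learns nothing; the refusing host answers every probe within one round trip and thereby confirms it exists. The last two lines show the trade-off Jim mentions: the same fast RST that tips off a scanner also spares a legitimate user a three-second wait on a port that no longer serves anything.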