On Fri, 12 Nov 2010 17:29:53 -0500 Chris Smith <[email protected]> wrote:
> On Fri, Nov 12, 2010 at 5:06 PM, David Astua <[email protected]> wrote: > > Check this: > > http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject > > Good article. "Stealth" mode is highly overrated. I generally use > return except in the case of bogons. > I'd say drop mode saves some resources in case of dos and does slow down the scan. I don't see timeouts for users connecting to the wrong place as a big problem at all, though the messages may help them very occasionally. I wonder whether a labrea/stutter type option for pf would be cool in some cases?
