Hi Everyone,

I'm currently in a discussion about our current ruleset for iptables: whether 
to be RFC compliant and issue a RST to those scanning/connecting to undesired 
ports, or to drop the packet completely.  By sending a RST back to the host, 
aren't we letting the srcIP know that the traffic successfully arrived at the 
host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, 
etc.)?

As far as I can tell, this seems to be more of a discussion on one's own 
security posture preference.  Any feedback is appreciated.

Cheers!

NR
                                          
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
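
An added example, not part of the original post: a small Python check an administrator can run against their own host to see what a connecting client learns under each policy. The function names and the loopback setup are assumptions made for illustration; a RST (as sent by `-j REJECT --reject-with tcp-reset`) shows up as an immediate refusal, while `-j DROP` shows up as silence until the timeout.

```python
import socket


def classify_port(host, port, timeout=2.0):
    """Report what a TCP client observes when connecting to host:port.

    'open'     - the handshake completed, a service is listening
    'refused'  - the local stack reported ECONNREFUSED, which is what a
                 RST in reply to the SYN produces (unfiltered closed port,
                 or iptables '-j REJECT --reject-with tcp-reset')
    'no-reply' - nothing came back before the timeout (e.g. '-j DROP')
    'error'    - any other network error
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "no-reply"
    except OSError:
        return "error"
    finally:
        s.close()


def loopback_demo():
    """Constructed setup on 127.0.0.1: one listening port, one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # released, so nothing listens here

    try:
        return (classify_port("127.0.0.1", open_port),
                classify_port("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    print(loopback_demo())
```

Pointing classify_port at a port covered by a DROP rule on your own host returns 'no-reply' only after the full timeout, which is the difference in observable behaviour the question is about.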
