I'm in favor of dropping silently.

- Your IP space can't be used to send RST packets to another target if someone spoofs packets to you.
- It's potentially less CPU usage for your firewall.
- You don't give out any info about your firewall.
Ron Gula
Tenable Network Security

Norman Rach wrote:
> Hi Everyone,
>
> I'm currently in a discussion about our current ruleset for iptables.
> Whether to be RFC compliant and issue an RST to those scanning/connecting
> to undesired ports or to drop the packet completely. By sending an RST
> back to the host aren't we letting the srcIP know that the traffic
> successfully arrived at the host without being intercepted by a network
> appliance (i.e. IDS/IPS, firewall, etc.)?
>
> As far as I can tell this seems to be more of a discussion on one's own
> security posture preference. Any feedback is appreciated.
>
> Cheers!
> NR
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Ron Gula, CEO
Tenable Network Security
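The two iptables choices under discussion are `-j DROP` (no reply at all) and `-j REJECT --reject-with tcp-reset` (a TCP RST goes back to whatever source address was on the SYN). The following model, added here and not code from anyone in the thread, shows the two points the replies turn on: what a SYN scanner concludes from each behaviour, and where a reset lands when the SYN's source address was spoofed. The policy names `drop`/`reject`, the host model and the sample addresses are constructed for the example.

```python
"""Constructed model (not code from this thread) of what a SYN probe learns
from a host that silently DROPs versus one that REJECTs with a TCP RST.

Policy names and sample addresses are assumptions for the example; the
iptables rules they stand for are:
    drop    ->  -j DROP
    reject  ->  -j REJECT --reject-with tcp-reset
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set


@dataclass(frozen=True)
class Syn:
    src: str    # source address as written on the wire (may be spoofed)
    dst: str
    dport: int


@dataclass(frozen=True)
class Reply:
    src: str
    dst: str
    flags: str  # "SA" for SYN/ACK, "R" for RST


def host_reply(policy: str, listening: Set[int], syn: Syn) -> Optional[Reply]:
    """Packet the target emits for one SYN under the given firewall policy."""
    if syn.dport in listening:
        return Reply(src=syn.dst, dst=syn.src, flags="SA")
    if policy == "reject":
        # RFC 793 behaviour for a closed port: an RST is sent to the packet's
        # claimed source, whoever that really is.
        return Reply(src=syn.dst, dst=syn.src, flags="R")
    if policy == "drop":
        return None          # nothing leaves the box
    raise ValueError(f"unknown policy {policy!r}")


def scanner_verdict(reply: Optional[Reply]) -> str:
    """Nmap-style SYN-scan inference from a single probe's reply."""
    if reply is None:
        return "filtered"    # no answer: host down, route problem, or a DROP rule
    if reply.flags == "SA":
        return "open"
    if reply.flags == "R":
        return "closed"      # a TCP stack answered, so the packet reached the host
    return "unknown"


def scan(policy: str, listening: Set[int], target: str,
         ports: Iterable[int], src: str = "198.51.100.7") -> Dict[int, str]:
    """Run one probe per port and return the scanner's view of the target."""
    return {p: scanner_verdict(host_reply(policy, listening, Syn(src, target, p)))
            for p in ports}


def reflected_rst_target(policy: str, listening: Set[int], victim: str,
                         target: str, dport: int) -> Optional[str]:
    """Where the RST lands when an attacker spoofs `victim` as the SYN source.
    None means the policy produced no packet, so there is nothing to reflect."""
    reply = host_reply(policy, listening, Syn(src=victim, dst=target, dport=dport))
    if reply is None or reply.flags != "R":
        return None
    return reply.dst


if __name__ == "__main__":
    target, listening = "203.0.113.10", {22}
    for policy in ("drop", "reject"):
        print(policy, scan(policy, listening, target, [22, 23, 80]))
        print("  RST reflected to:",
              reflected_rst_target(policy, listening, "192.0.2.50", target, 23))
```

Under `reject` every unwanted port reports `closed`, which tells the scanner a TCP stack at that address received the packet; under `drop` the same ports report `filtered`, indistinguishable from a route or host that is simply not there. The caveat the model also makes visible is that the open port still answers with SYN/ACK under either policy, so dropping only hides the firewall, not the services it lets through, and a scanner waiting on timeouts for dropped probes is slower but not blind. The reflection case is the first bullet above: with `reject` the RST is addressed to the spoofed source, with `drop` there is no packet to reflect.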
