+1 for the opinions expressed so far. Most commercial firewalls even have a "stealth mode" type feature that turns this sort of functionality on for you.
________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Ben Greenfield
Sent: Wednesday, October 07, 2009 2:53 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Drop or rst?

I agree with Brett and Ron: to an attacker / pen tester a silently dropped packet doesn't offer much. A reset packet is a lot more indicative that some processing occurred.

On Wed, Oct 7, 2009 at 2:52 PM, Brett Hoff <[email protected]> wrote:

I also like to drop silently. I have built and monitor over 100 firewalls and almost always choose this option.

Brett Hoff RHCT, Linux+, Security+
Senior Security and Linux instructor
Senior IT Security Engineer
GCFA "Certified Forensics Analyst"
Antler Computer Consulting
Antler, Inc. We do IT World Class!
850-857-7707
itworldclass.com

________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Norman Rach
Sent: Wednesday, October 07, 2009 11:39 AM
To: [email protected]
Subject: [Pauldotcom] Drop or rst?

Hi Everyone,

I'm currently in a discussion about our current ruleset for iptables: whether to be RFC compliant and issue a RST to those scanning/connecting to undesired ports, or to drop the packet completely. By sending a RST back to the host, aren't we letting the srcIP know that the traffic successfully arrived at the host without being intercepted by a network appliance (i.e. IDS/IPS, firewall, etc.)? As far as I can tell this seems to be more of a discussion on one's own security posture preference.

Any feedback is appreciated.

Cheers!
NR

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
