Depending on the Firewall, you might be able to do both. If the packet is coming from a known trusted source, send a RST. If source is unknown, drop it.
You can do that for icmp too...

Cheers!
-dt

On Sat, Oct 10, 2009 at 7:25 AM, Jody & Jennifer McCluggage <[email protected]> wrote:

> My vote is for dropping. You still sometimes hear from RFC purists
> bemoaning the fact that many block and drop certain ICMP packets at their
> router.
>
> ------------------------------
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Norman Rach
> *Sent:* Thursday, October 08, 2009 3:42 PM
> *To:* [email protected]
> *Subject:* Re: [Pauldotcom] Drop or rst?
>
> Thanks everyone for your input. I'll add this to the agenda at our next
> meeting as discussion points.
>
> Cheers!
> NR
> ------------------------------
>
> From: [email protected]
> To: [email protected]
> Subject: Drop or rst?
> Date: Wed, 7 Oct 2009 09:39:07 -0700
>
> Hi Everyone,
>
> I'm currently in a discussion about our current ruleset for iptables.
> Whether to be RFC compliant and issue a RST to those scanning/connecting to
> undesired ports or to drop the packet completely. By sending a rst back to
> the host aren't we letting the srcIP know that the traffic
> successfully arrived to the host without being intercepted by a network
> appliance (i.e. IDS/IPS, firewall, etc)?
>
> As far as I can tell this seems to be more of a discussion on one's own
> security posture preference. Any feedback is appreciated.
>
> Cheers!
> NR
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
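The split described in the top reply (RST for a known trusted source, silent drop for everyone else), as an added example that is not part of the original thread. The network `192.0.2.0/24` and the port list are constructed sample values, `gen_ruleset` is a hypothetical helper name, and the UDP rule answering with ICMP port-unreachable is an assumption about how the same split extends beyond TCP.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that answers closed ports
# with a TCP RST (or ICMP port-unreachable for UDP) only when the source is
# in a trusted network, and silently drops everything else.

gen_ruleset() {
    trusted_net="$1"      # trusted source CIDR (sample: 192.0.2.0/24)
    allowed_ports="$2"    # comma-separated open TCP ports (sample: 22,443)

    # Refuse anything that is not plain digits/dots/slash or digits/commas,
    # so a malformed argument never turns into a broader rule than intended.
    case "$trusted_net" in
        ''|*[!0-9./]*) echo "invalid trusted network: $trusted_net" >&2; return 1 ;;
    esac
    case "$allowed_ports" in
        ''|*[!0-9,]*) echo "invalid port list: $allowed_ports" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports ${allowed_ports} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s ${trusted_net} -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -s ${trusted_net} -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j DROP
COMMIT
EOF
}

# Print the ruleset when called with both arguments.
if [ "$#" -eq 2 ]; then
    gen_ruleset "$1" "$2"
fi
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. Rule order matters: the two REJECT rules must sit above the final DROP, or trusted hosts get the same silence as everyone else.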
