On Mon, 2003-06-30 at 11:56, Alan L Tyree wrote:
<snipped>
> I would be interested in hearing opinions. I have everything possible
> set to "drop" - influenced by the scan sites such as GRC and Sygate.
> They seem to imply that dropping is better than rejecting. Bering
> defaults had everything dropped except for the IDENT port.

I drop everything, but I made the exception for the IDENT port, but only for the mail servers I pop. Some mail servers attempt an ident when a POP session is started, and dropping this attempt means waiting for the query to time out; rejecting it ensures the POP session continues promptly. Poorly made port scanners will also be delayed by dropping, as they must time out each port connection; if each connection is rejected the scan can be done much faster.

Cheers,
Malcolm V.

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
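The policy Malcolm describes (default drop, but an explicit reject of ident from the POP servers he uses) written as an iptables rule set; this is an added example, not from the thread or the Bering distribution, and the mail server addresses in MAIL_SERVERS are constructed placeholders you would replace with your own.

```shell
#!/bin/sh
# Default-drop INPUT policy with one exception: ident (tcp/113) probes from
# the mail servers we POP from get a TCP RST, so their ident lookup fails
# immediately and the POP session proceeds instead of waiting for a timeout.
# Set IPT=echo to preview the rules without applying them.

# Constructed placeholder addresses (TEST-NET-1); replace with real servers.
MAIL_SERVERS="${MAIL_SERVERS:-192.0.2.10 192.0.2.11}"

apply_ident_policy() {
    ipt="${IPT:-iptables}"

    # Silently drop anything not explicitly accepted or rejected below.
    $ipt -P INPUT DROP
    $ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections we opened (the POP session itself).
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Trusted mail servers: reject ident with a reset rather than dropping,
    # so they see "connection refused" straight away.
    for srv in $MAIL_SERVERS; do
        $ipt -A INPUT -p tcp -s "$srv" --dport 113 -j REJECT --reject-with tcp-reset
    done

    # Ident from anyone else is covered by the DROP policy; stated explicitly
    # so the intent is visible when listing the chain.
    $ipt -A INPUT -p tcp --dport 113 -j DROP
}
```

Run as root to apply, or `IPT=echo sh -c '. ./ident.sh; apply_ident_policy'` to see the generated rules first.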
