Glenn English wrote:
> On Dec 6, 2009, at 12:03 AM, Todd Eddy wrote:
>
>>> All traffic to any service not offered publicly somewhere on my network is
>>> dropped without further comment at the border router.
>>>
>> Dropping packets that come in on unknown ports (called Stealthing) is
>> actually against the official RFC. But it's done for security.
>>
>
> I wondered about that when I first started learning how to use packet filters
> and ACLs and stuff. But iptables (ipchains back then) and my Cisco toys all
> do it, so I figured I must be misunderstanding something.
>

Actually, your Cisco toys by default send an ICMP message back when you block something using an access list. You can tell them not to do that using a configuration command (no ip unreachables) but it will be global for the interface. Iptables and ipchains allow you to specify this for individual items in the list.
Rob
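Rob's per-rule versus per-interface point, as an added example that is not part of this thread: the iptables rules pick a silent DROP or an ICMP/TCP-reset REJECT rule by rule, while the Cisco IOS fragment in the comments can only silence unreachables for the whole interface. The ports, the 192.0.2.0/24 admin network and the interface name are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). The same "nothing not offered
# publicly" policy, written so that each rule decides how a blocked
# packet is answered. IPT defaults to iptables; set IPT=echo to print
# the rules instead of loading them (dry run).
IPT="${IPT:-iptables}"

build_rules() {
    # Public services: allow.
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 443 -j ACCEPT
    # SSH only from the admin network (constructed address range);
    # everyone else gets a TCP RST so their connect() fails immediately.
    $IPT -A INPUT -p tcp -s 192.0.2.0/24 --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset
    # Internal UDP service: answer with ICMP port-unreachable, as the RFC
    # expects, chosen for this one rule only.
    $IPT -A INPUT -p udp --dport 123 -j REJECT --reject-with icmp-port-unreachable
    # Everything else: "stealth" drop, no ICMP at all.
    $IPT -A INPUT -j DROP
}

# Cisco IOS equivalent (configuration text, not executed by this script):
#   access-list 101 permit tcp any any eq 80
#   access-list 101 permit tcp any any eq 443
#   access-list 101 deny   ip any any
#   interface GigabitEthernet0/0
#    ip access-group 101 in
#    no ip unreachables
# The ACL deny answers with ICMP unreachable by default; "no ip
# unreachables" turns that off for every packet the interface drops,
# so there is no per-entry choice like the REJECT/DROP split above.

case "${1:-}" in
    apply) build_rules ;;
    print) IPT=echo; build_rules ;;
esac
```

Run `sh fw.sh print` to review the generated rules, or `sh fw.sh apply` as root to load them.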
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
