
BLU Discuss list archive



iptables drop or reject



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 13 August 2003 14:58, smallm at panix.com wrote:
> 	I'm curious whether using drop or reject as an iptables
> target would deal better with traffic from worms like msblast.  I 
> thought perhaps the scans were bogging down my box at home, although 
> it looks like rcn must have had some kind of problem which they 
> recently fixed, which may or may not have been related to the worm.


I have read that drop is a better bet in terms of defending against an attack: 
packets sent to the box disappear down a black hole, and the attacker may not 
be able to ascertain the state of the victim.
In terms of cutting down network traffic with respect to msblast, drop sounds 
like the more appropriate of the two.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/OopusIjNiQTGkXARAjuDAKClRp1DFF1D0dfumNsiMJd1zW0i0wCgsjQj
mPTBbeTx5SO9kURFmhYMH7g=
=NQ6n
-----END PGP SIGNATURE-----
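
The two targets compared in the message above, plus a rate-limited REJECT that falls back to DROP, written out as iptables rules. This is an added example, not part of the original message: the default port 135/tcp (the RPC port MSBlast scanned), the function names and the limit values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print the iptables rules for one TCP port under three policies.
# The default port (135) and the limit values are illustrative assumptions.

# rules_for POLICY [PORT] -> prints one iptables command per line
rules_for() {
    policy=$1
    port=${2:-135}
    match="-A INPUT -p tcp --dport $port"
    case "$policy" in
        drop)
            # Silent discard: nothing leaves the box in reply. A normal TCP
            # stack on the sending side retransmits its SYN before giving up.
            echo "iptables $match -j DROP"
            ;;
        reject)
            # Answer with a TCP RST: the sender learns the port is closed at
            # once, at the cost of one outbound packet per probe.
            echo "iptables $match -j REJECT --reject-with tcp-reset"
            ;;
        reject-limited)
            # Send RSTs up to a fixed rate; anything above it falls through to
            # DROP, so a scan flood cannot make the box generate replies
            # without bound.
            echo "iptables $match -m limit --limit 5/second --limit-burst 10 -j REJECT --reject-with tcp-reset"
            echo "iptables $match -j DROP"
            ;;
        *)
            echo "usage: rules_for drop|reject|reject-limited [port]" >&2
            return 2
            ;;
    esac
}

# apply_rules POLICY [PORT]: run the generated commands (needs root).
apply_rules() {
    rules=$(rules_for "$@") || return
    printf '%s\n' "$rules" | sh -e
}

# Print the rules when the script is given arguments, e.g. ./fw.sh reject-limited 135
if [ "$#" -gt 0 ]; then
    rules_for "$@"
fi
```

Comparing the packet counters from `iptables -L INPUT -v -n` under each policy shows how much scan traffic each rule actually absorbs.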





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org