On Wed, Aug 13, 2003 at 02:58:54PM -0400, Dan Barrett wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wednesday 13 August 2003 14:58, smallm at panix.com wrote:
> > I'm curious whether using drop or reject as an iptables
> > target would deal better with traffic from worms like msblast. I
> > thought perhaps the scans were bogging down my box at home, although
> > it looks like rcn must have had some kind of problem which they
> > recently fixed, which may or may not have been related to the worm.
>
> I have read that drop is a better bet in terms of defending against an attack:
> packets sent to the box disappear down a black hole, and the attacker may not
> be able to ascertain the state of the victim.
> In terms of cutting down network traffic with respect to msblast, drop sounds
> like the more appropriate of the two.

If you're reasonably current on iptables, "TARPIT" is a nasty target for bogging down port scans. It ties them up in a lengthy protocol exchange without tying up your own system resources.

http://cpc.freeshell.org/linux/kernel-tarpit.html

Nathan Meyers
nmeyers at javalinux.net
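The three targets discussed in the thread, side by side as an added example (this is not code from the original posters). It is a small POSIX sh helper that builds one INPUT rule for new TCP connections to a port in DROP, REJECT or TARPIT mode. Assumptions that are not in the thread: TCP port 135 is used in the usage line because that is the DCOM RPC port msblast spread through; TARPIT is assumed to come from the xtables-addons package (the original post links to the older kernel patch); `rule_for`, `run`, `IPTABLES` and `DRY_RUN` are names invented here. With `DRY_RUN=1` (the default) the commands are only printed, so the script can be read and tested without root.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Build iptables rules that answer unsolicited TCP connections in one of
# three ways. Applying rules needs root; TARPIT additionally needs the
# xtables-addons target to be installed (assumption: modern systems).

: "${IPTABLES:=iptables}"   # binary to call; assumed name
: "${DRY_RUN:=1}"           # 1 = print the command, 0 = execute it

# run CMD ARGS... : print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# rule_for PORT MODE : emit or apply one INPUT rule matching only the
# initial SYN of a new connection to PORT.
#   drop   - discard silently. No reply packet leaves the box; a scanner
#            waits for its timeout and reports the port as "filtered".
#   reject - answer with a TCP RST. One outgoing packet per probe; the
#            scanner learns immediately that the port is "closed".
#   tarpit - complete the handshake with a zero window and never release
#            it. The scanner's socket stays stuck while the local side
#            keeps no socket or process for it.
rule_for() {
    port=$1
    mode=$2
    case $mode in
        drop)   target="DROP" ;;
        reject) target="REJECT --reject-with tcp-reset" ;;
        tarpit) target="TARPIT" ;;
        *)      echo "rule_for: unknown mode '$mode' (drop|reject|tarpit)" >&2
                return 1 ;;
    esac
    # $target is deliberately unquoted: REJECT carries its own option words.
    # shellcheck disable=SC2086
    run "$IPTABLES" -A INPUT -p tcp --syn --dport "$port" -j $target
}

# Usage: ./tarpit-rules.sh PORT MODE   e.g.  ./tarpit-rules.sh 135 tarpit
if [ $# -eq 2 ]; then
    rule_for "$1" "$2"
fi
```

Two caveats a practitioner would want: the `--syn` match means the rule only decides the fate of new connections, so established traffic you do allow is unaffected; and the xtables-addons TARPIT documentation recommends keeping tarpitted connections out of connection tracking (a raw-table NOTRACK rule for the same port), otherwise each held scanner connection still costs a conntrack entry on your side.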