On Wed, Aug 13, 2003 at 02:58:54PM -0400, Dan Barrett wrote:
> On Wednesday 13 August 2003 14:58, smallm at panix.com wrote:
> > I'm curious whether using drop or reject as an iptables
> > target would deal better with traffic from worms like msblast. I
> > thought perhaps the scans were bogging down my box at home, although
> > it looks like rcn must have had some kind of problem which they
> > recently fixed, which may or may not have been related to the worm.
>
> I have read that drop is a better bet in terms of defending against an attack:
> packets sent to the box disappear down a black hole, and the attacker may not
> be able to ascertain the state of the victim.
> In terms of cutting down network traffic with respect to msblast, drop sounds
> like the more appropriate of the two.
If you're reasonably current on iptables, "TARPIT" is a nasty target for
bogging down port scans. It ties them up in a lengthy protocol exchange
without tying up your own system resources.
http://cpc.freeshell.org/linux/kernel-tarpit.html
Nathan Meyers
nmeyers at javalinux.net
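As an added illustration (not from this thread or from its authors) of the three targets being compared, here is a small shell script that emits the iptables rules for each choice on a worm-scanned port. It assumes TCP/135, the RPC port msblast probes, as the sample port, and that the TARPIT target comes from the external xtables-addons/patch-o-matic module; the accompanying NOTRACK rule is the usual precaution so tarpitted probes do not also consume conntrack entries on your own box.

```shell
#!/bin/sh
# Added example: DROP vs REJECT vs TARPIT for inbound SYNs on a scanned port.
# IPT defaults to printing the commands, so the script is safe to run without
# root; set IPT=iptables (as root) to apply the rules for real.
IPT="${IPT:-echo iptables}"
PORT="${PORT:-135}"   # assumption: msblast's RPC/DCOM port; any port works

# syn_rule MODE -> emit the rule(s) for MODE, one of: drop | reject | tarpit
syn_rule() {
    case "$1" in
        drop)
            # Silent: the scanner's SYN gets no answer and it must wait out
            # its own connect timeout; nothing reveals whether the host is up.
            $IPT -A INPUT -p tcp --dport "$PORT" --syn -j DROP ;;
        reject)
            # Polite: the scanner gets an immediate RST and moves on. This costs
            # one reply packet per probe, so a flood of probes means a flood of
            # replies from your side.
            $IPT -A INPUT -p tcp --dport "$PORT" --syn -j REJECT --reject-with tcp-reset ;;
        tarpit)
            # TARPIT (xtables-addons) completes the handshake with a zero window
            # and never lets the peer close cleanly, so the scanner's socket hangs
            # while the kernel here keeps no socket state for it. The flow must
            # bypass connection tracking (raw table, NOTRACK), otherwise every
            # probe still occupies a conntrack entry on the defender's side.
            $IPT -t raw -A PREROUTING -p tcp --dport "$PORT" -j NOTRACK
            $IPT -A INPUT -p tcp --dport "$PORT" -j TARPIT ;;
        *)
            echo "usage: syn_rule drop|reject|tarpit" >&2
            return 1 ;;
    esac
}

# Print all three variants side by side when run directly.
for mode in drop reject tarpit; do
    echo "# $mode"
    syn_rule "$mode"
done
```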