Hosting Provided By

Re: iptables REJECT types for UDP (if any)

From: Steffen Dettmer <steffen(at)dett.de>
Date: Thu Nov 28 2002 - 05:00:20 EST

Michael wrote on Wed, Nov 27, 2002 at 14:13 -0500:
> In the case of my setup, I have to reject with host unreachable

If you feel a need to block traceroute, why don't block TTL exeeded but host unreachable? Did you mixed up the type 3 ICMPs, maybe? I suggest to block time-exceeded if you think you need it, but allow destination-unreachable at least for any that can be viewable, otherwise for the clients it takes long time to find out that a service isn't offered (well, I believe sometimes a connection is not an attack but a request :)).

oki,

Steffen

-- 
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

Received on Fri Nov 29 01:42:51 2002

This message: [ Message body ]
Next message: OTERO Hernan Gustavo EDS: "User´s and Shells"
Previous message: Russ Dill: "Re: iptables REJECT types for UDP (if any)"
In reply to Michael: "Re: iptables REJECT types for UDP (if any)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:19 EDT