Pantek Library

RE: Iptables Clues and Advices.

From: Allan Schon <allanschon(at)mckinleymachinery.com>
Date: Wed Apr 09 2003 - 09:54:28 EDT


OK, so I was gonna fire off a response that argued that the advantages to REJECT mentioned in the article weren't very useful, but I Googled the topic, and came up with another advantage to REJECT. If you are sending out the host-unreachable response, an attacker will have a tough time spoofing your IP address, unless he can take your computer down, somehow.

http://www.linuxsecurity.com/articles/firewalls_article-3055.html

DROP seems more secure, on cursory examination, but the more I dig into it, the more I think that REJECTing might be a better policy. I may be reconfiguring my firewall this evening...

Anyone else have any insight into this topic?

-----Original Message-----
From: Jason Dixon [mailto:jasondixon@myrealbox.com]
Sent: Tuesday, April 08, 2003 12:20 PM
To: gillettdavid@fhda.edu
Cc: security-basics@securityfocus.com
Subject: RE: Iptables Clues and Advices.

For all the folks who illusion that DROP is more secure than REJECT, I submit the following:

http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject

-J.


On Mon, 2003-04-07 at 20:03, David Gillett wrote:
> There is ONE specific case in which I REJECT rather than

Received on Wed Apr 9 12:38:17 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:04:00 EDT

