Re: Iptables Clues and Advices.

From: Andres j. Ogayar <aos(at)arquired.es>
Date: Wed Apr 09 2003 - 02:52:54 EDT

A quick issue comes to mind when reading the article mentioned below.

It states as a conclusion that:

    "DROP offers no effective barrier to hostile forces but can dramatically slow down applications run by legitimate users. DROP should not normally be used."

But, why a L E G I T M A T E user shoud make a connection to a closed (either rejected or dropped) port? A legitimate user shall know which services are provided, and hence, make connects to normalyu open ports; won't he?

Best regards,

Andres O.

Malaga, Spain.

• Original Message ----- From: "Jason Dixon" <jasondixon@myrealbox.com> To: <gillettdavid@fhda.edu> Cc: <security-basics@securityfocus.com> Sent: Tuesday, April 08, 2003 6:19 PM Subject: RE: Iptables Clues and Advices.

> For all the folks who illusion that DROP is more secure than REJECT, I
technical support.
> > Stop SPAM before it stops you.
technical support.
> Stop SPAM before it stops you.
> -------------------------------------------------------------------
>

---

Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection.
http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you.

---

Received on Wed Apr 9 12:38:17 2003