Re: [Fedora] Re: iptables: drop or reject?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/25/07, Ashley M. Kirchner <ashley@xxxxxxxxxx> wrote:
> Manuel Arostegui Ramirez wrote:
> > In this case, I would choose to drop packets since they're not going to stop,
> > it's better to do not increase the packets on your interface.
> >
>     That's kinda what I thought too, however as far as the sending
> machine is concerned, because it didn't get anything back, it could
> potentially see it as a successful delivery and thus continue to deliver
> more and more crap.  On the other hand, if it does get some kind of reset...

If you drop all packets then the remote host thinks that either your
host is down or that the IP address is not allocated to anyone.  This
takes a short amount of time to establish (maybe a few minutes,
depending on how the soamming is configured)

If you reject the packets, the remote hosts knows that your hosts
exists and is up, but won't know why it can't connect.  The remote
host knows this very quickly.

If its spam, drop the packets.  You will have the knowledge that at
least for a short period of time that you are tying up resources on
the spam box rather than the other way around.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux