On the other hand, if you allow everything and only want to block packets to certain (maybe M$-related) ports, then DROPping them is seen by the evil attacker scanning your network's holes. Although REJECTing is a more polite way of doing it, DROPping is more secure. Also, REJECT sends a port unreachable ICMP back to the dropped packet's origin.
Someone correct me if I'm wrong, since I'm quite new to netfilter.
Guilherme Viebig wrote:
Some say that DROP is the ideal manner to deal with non-authorized requests, but using DROP lets the attacker know the ports which are filtered. Using REJECT simply adds one step to the whole process, sending the reject signal back to the origin.
What is your perspective on it?
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/