El lun, 07 de 02 de 2005 a las 19:30, R. DuFresne escribiÃ: > I've never heard it is bad, but, te question is how nice one wishes to be > to those trying to transgess your security profile. I tend to use alot of > drops, especially for ports like ftp, telnet, some of the printer and > shell exec ports, any ports trojans are fond of. The drop make the other > end continue trying till the command/connect attepmt is either aborted or > timesout, and with autoomated attacks, that can slow down the how little > nasty prog. Kinder to me and my other servers, as well as others on the > net when I can slow these things down some. Reject with rst, those are > for the ports that you wish to treat the otherend nicely from. I don't have the documentation handy, but it said making just a DROP could lead you to being DOS attacked. Have anybody heard something about this? > Thanks, > > Ron DuFresne Regards. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@xxxxxxxxx bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÃA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road"
