On Tue, 08 Feb 2005 at 14:15, Jason Opperisano wrote:
> i propose that the exact opposite is true. why should i make my
> firewall undertake the effort of generating a RST packet for every yahoo
> on the Internet that wants to scan my IP range for TCP 139, 445, etc.
>
> DROP-ing a packet doesn't take any real effort on the firewall's part;
> whereas generating a RST packet adds at least some overhead--which in
> the extreme case could be significant.
>
> -j

I see your point, but just googling a bit:

http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject

so things are maybe somewhat more complex.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"