Actually, I think you are being polite to send them anything. I'd personally drop for two reasons:

1) Let them wait till they time out.
2) Don't use up your own bandwidth to be polite to someone who's not.

Ramin

On Mon, Mar 25, 2002 at 04:31:27PM -0600, Daniel F. Chief Security Engineer - wrote:
> This may be more philosophical than technical.
>
> I have several gateway firewalls using iptables : )
>
> Big ones, each one can see at peak around 100+ Mbs. I have many rules for
> ports that are filtered to REJECT with an ICMP port or host unreachable. From
> time to time I get e-mails from other _admins_ saying "Your IP
> xxx.xxx.xxx.xxx is attacking us"; some of them include packet logs showing
> the ICMP packets coming from my firewall. So basically I tell them to check
> out their own system, as I know my firewalls are secure (of course I check them
> out every time because I'm paranoid), telling them that it is possible that
> someone spoofed their IP while sending me packets. But it could be port
> scanners who may own the other guy's box or have an account there which allows
> them to portscan.
>
> Using the REJECTs, it seems to me, would possibly draw attention to these
> systems that are doing such naughty things when a netadmin hopefully sees the
> potentially hundreds of ICMP port unreachables coming in to his network headed
> for one machine. I know I have filters set up to see this kind of stuff and
> alert me to the possibility of a compromised machine.
>
> I'm not trying to start a _Holy_war_ between DROP and REJECT fans, just
> wondering what the consensus is here. What should a good netizen do these
> days?
>
> TIA
>
>
> --
> Chief Security Engineer | Daniel Fairchild [EMAIL PROTECTED]
> Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
>
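An added example, not from this thread: a decoder for the ICMP Destination Unreachable messages that an iptables REJECT rule sends back. Per RFC 792 each one carries the IP header plus the first 8 bytes of the packet that triggered it, so an admin who receives "your firewall is attacking us" complaints (or who sends them) can show which claimed source host and which destination port the original packet carried; the addresses and ports below are constructed samples from documentation ranges.

```python
import struct
from dataclasses import dataclass

# ICMP type 3 codes that iptables REJECT can emit (RFC 792 / netfilter --reject-with).
UNREACH_CODES = {0: "net", 1: "host", 2: "protocol", 3: "port", 13: "admin-prohibited"}


@dataclass
class Unreachable:
    code: str       # which unreachable variant the firewall replied with
    orig_src: str   # source address of the packet that hit the REJECT rule
    orig_dst: str   # the firewall / rejected destination
    proto: int      # IP protocol of the original packet (6 = TCP, 17 = UDP)
    src_port: int
    dst_port: int


def parse_icmp_unreachable(icmp: bytes) -> Unreachable:
    """Decode an ICMP Destination Unreachable message (ICMP header + embedded datagram)."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP message")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError(f"not a Destination Unreachable message (type {icmp_type})")
    inner = icmp[8:]                      # embedded original IP header starts after 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4           # header length in bytes (options allowed)
    if len(inner) < ihl + 8:
        raise ValueError("truncated inner IP header or transport bytes")
    proto = inner[9]
    orig_src = ".".join(str(b) for b in inner[12:16])
    orig_dst = ".".join(str(b) for b in inner[16:20])
    # TCP and UDP both put source and destination port in the first 4 of the 8 quoted bytes.
    src_port, dst_port = struct.unpack("!HH", inner[ihl:ihl + 4])
    return Unreachable(UNREACH_CODES.get(code, str(code)), orig_src, orig_dst, proto, src_port, dst_port)


def build_sample() -> bytes:
    """Constructed sample: the firewall 198.51.100.1 answering a telnet SYN that claimed to come
    from 203.0.113.5. If the 203.0.113.5 admin finds no host that sent it, the source was spoofed
    or a scanner is running from their network."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                           bytes([203, 0, 113, 5]), bytes([198, 51, 100, 1]))
    inner_tcp8 = struct.pack("!HHI", 40000, 23, 0)       # sport, dport, seq number
    icmp_hdr = struct.pack("!BBHI", 3, 3, 0, 0)           # type 3, code 3 (port unreachable), checksum unset
    return icmp_hdr + inner_ip + inner_tcp8


if __name__ == "__main__":
    print(parse_icmp_unreachable(build_sample()))
```

The checksum field is not validated here; when working from real captures, compare the embedded `orig_src` against the complaining site's own address space rather than trusting the outer ICMP source alone.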
