> -----Original Message-----
> From: Jack Bowling [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 19, 2002 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Iptables UDP jump to DROP or REJECT?
>
> ** Reply to message from Mike Burger <[EMAIL PROTECTED]> on Thu, 19 Sep 2002 07:49:24 -0500 (EST)
>
> > In order for the firewall to DROP a packet, it has to first allow the
> > packet to enter the firewall for checking.
> >
> > If the firewall is set to REJECT the packet, it simply closes the port and
> > doesn't accept connections on it, making it look like it's closed.
>
> But, if you REJECT a packet, it sends back a "port unreachable" return
> packet (this by the laws of the RFC). If you DROP a packet, it dies on the
> floor with no return. So you will always know when you have been REJECTed,
> but you will not always know if you have been DROPped... unless the scanner
> assumes that if it does not get an immediate response, then the packet has
> been dropped and a firewall must be up.
Seems to me that the preferred behaviour is to drop and thus neither confirm nor deny that you even exist. Of course for UDP packets that doesn't seem to matter much.

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
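The difference the thread is arguing about, seen from the scanner's side, as an added example that is not part of the original thread or of anyone's posted code. A single UDP datagram can end three ways: an ICMP port unreachable comes back (what `-j REJECT` sends for UDP, and also what a host sends on its own for a port with no listener), a datagram comes back (a live service), or nothing comes back (either `-j DROP` or a listener that simply does not answer). The probe below maps those outcomes onto nmap's "closed" / "open" / "open|filtered" states. The iptables rules in the comment, the hypothetical port numbers and the local echo listener are assumptions made for the example. It runs unprivileged, so it does not sniff ICMP itself; it relies on the kernel reporting the ICMP error as ECONNREFUSED on a connected UDP socket, which Linux does.

```python
"""
Added example (not from the redhat-list thread): a minimal UDP port probe that
shows why REJECT and DROP look different to a scanner.

Hypothetical rules the probe would be reacting to on a remote firewall:
  iptables -A INPUT -p udp --dport 5000 -j DROP
  iptables -A INPUT -p udp --dport 5001 -j REJECT --reject-with icmp-port-unreachable

  5001 (REJECT)  -> ICMP port unreachable -> "closed", answer arrives at once
  5000 (DROP)    -> silence               -> "open|filtered", only after a timeout
"""
import socket
import threading
from typing import Optional, Tuple

OPEN, CLOSED, OPEN_FILTERED = "open", "closed", "open|filtered"


def classify(reply: Optional[bytes], refused: bool) -> str:
    """Map what one UDP probe observed onto nmap-style port states.

    refused=True   -> an ICMP port unreachable came back (REJECT, or no listener)
    reply is not None -> the service answered, even with an empty datagram (open)
    neither        -> silence: DROP, or a listener that does not talk
    """
    if refused:
        return CLOSED
    if reply is not None:
        return OPEN
    return OPEN_FILTERED


def probe_udp(host: str, port: int, payload: bytes = b"\x00", timeout: float = 1.0) -> str:
    """Send one datagram to host:port and classify the outcome.

    The socket is connect()ed so that an ICMP port unreachable for this
    destination is delivered as ConnectionRefusedError on the following
    send()/recv() instead of being silently discarded.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(payload)
            data = s.recv(1500)
        except ConnectionRefusedError:
            return classify(None, refused=True)      # REJECT / closed port
        except socket.timeout:
            return classify(None, refused=False)     # DROP / silent listener
        return classify(data, refused=False)         # something answered


def start_echo_listener(host: str = "127.0.0.1") -> Tuple[int, threading.Event, threading.Thread]:
    """Bind a throwaway UDP echo service on an ephemeral port (constructed
    test fixture so the 'open' case can be demonstrated locally)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))
    port = sock.getsockname()[1]
    stop = threading.Event()

    def serve() -> None:
        sock.settimeout(0.2)
        while not stop.is_set():
            try:
                data, peer = sock.recvfrom(1500)
                sock.sendto(data, peer)
            except socket.timeout:
                continue
        sock.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, stop, thread


if __name__ == "__main__":
    port, stop, thread = start_echo_listener()
    print(f"echo listener on udp/{port}: {probe_udp('127.0.0.1', port)}")
    stop.set()
    thread.join()
    # Same port with nobody listening: the local stack sends ICMP port
    # unreachable, which is exactly what a REJECT rule would send.
    print(f"nothing on udp/{port}: {probe_udp('127.0.0.1', port)}")
```

Against a remote host behind a DROP rule the probe returns "open|filtered" only after the full timeout, and it cannot tell that state apart from a service that received the datagram and chose not to answer; that is the "neither confirm nor deny" effect. A REJECT rule returns "closed" immediately and, because the host itself generates the same ICMP for an unfiltered closed port, also cannot by itself prove a firewall is present; what leaks is the timing difference and the mix of states across many ports.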