Firewall - DROP or DENY

What is the best policy for rules that respond to probes, DROP or DENY?

Dropping packets increases the cost of doing probes as it takes longer
to probe a machine.  On the other hand, DENY is probably more "friendly"
to legitimate (no-evil-intended) connection requests.   Is there really
any significant benefit to using DROP vs DENY, other than costing
potential attackers more time?


Nick Busigin  ...Sent from my Debian/GNU Linux Machine...   nick@xwing.org

To obtain my pgp public key, email me with the subject: "get pgp-key"
