[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall - DROP or DENY

Hi .. 

On Mon, Apr 15, 2002 at 04:05:51PM +0200, Jan Arne Fagertun wrote:
>> Is there really
>> any significant benefit to using DROP vs DENY, other than costing
>> potential attackers more time?
>If you DENY you tell potential attackers "Yes, I'm here, but I (try to)
>deny you access", and he/she may try harder. If you DROP the attacker
>don't even know you are there, and there is no reason to try harder...

But dropping the packages will erase your traffic.
If you reject with host unreachable, you will get the same effect with
the less traffic...

	regards	

		Jan

-- 
One time, you all will be emulated by linux!

----
Jan- Hendrik Palic
Url:"http://www.billgotchy.de";
E-Mail: "palic@billgotchy.de"

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s: a-- C++ UL++ P+++ L+++ E W++ N+ o+ K- w--- 
O- M- V- PS++ PE Y+ PGP++ t--- 5- X+++ R-- tv- b++ DI-- D+++ 
G+++ e+++ h+ r++ z+ 
------END GEEK CODE BLOCK------


--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: