
Re: Firewall - DROP or DENY

Hi ... 

On Mon, Apr 15, 2002 at 06:05:52PM +0200, Arne P. Boettger wrote:
>> On Mon, Apr 15, 2002 at 04:05:51PM +0200, Jan Arne Fagertun wrote:
>> >> Is there really
>> >> any significant benefit to using DROP vs DENY, other than costing
>> >> potential attackers more time?
>> >If you DENY you tell potential attackers "Yes, I'm here, but I (try to)
>> >deny you access", and he/she may try harder. If you DROP the attacker
>> >doesn't even know you are there, and there is no reason to try harder...
>> But dropping the packages will erase your traffic.
>> If you reject with host unreachable, you will get the same effect with
>> less traffic...
>Yes, but you might trick legal clients into thinking that your
>server is completely unreachable, thus making it impossible for them
>to connect to you at all.

This will only work if you have a passive server, like a masq-router.
If you have a webserver/mailserver ... then you can see that there is a
server by using nmap.

You are not invisible then.


One time, you all will be emulated by linux!

Jan-Hendrik Palic
E-Mail: "palic@billgotchy.de"

Version: 3.12
GCS d- s: a-- C++ UL++ P+++ L+++ E W++ N+ o+ K- w--- 
O- M- V- PS++ PE Y+ PGP++ t--- 5- X+++ R-- tv- b++ DI-- D+++ 
G+++ e+++ h+ r++ z+ 
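
Added example, not part of the original message or thread: a small Python audit of `iptables-save` output that lists the TCP ports which still answer an unsolicited probe, showing that a DROP policy hides only a host with no reachable services. The ruleset is constructed, and the script assumes single-port `--dport` TCP rules where the first matching rule wins.

```python
import shlex

# Constructed ruleset in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
"""

def audit_input(text):
    """Return (effective_policy, {dport: target}) for the filter INPUT chain."""
    policy, ports, table = None, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            opts = {a: b for a, b in zip(tok, tok[1:]) if a.startswith("-")}
            target = opts.get("-j")
            if target not in ("ACCEPT", "DROP", "REJECT"):
                continue
            if not set(opts) - {"-A", "-j", "--reject-with"}:
                policy = target  # unconditional rule acts as the policy
                break            # nothing after it is ever reached
            if opts.get("-p") == "tcp" and "--dport" in opts:
                ports.setdefault(opts["--dport"], target)  # first match wins
    return policy, ports

def answering_ports(text):
    """TCP ports where an unsolicited SYN gets a reply (SYN-ACK, RST or ICMP)."""
    _, ports = audit_input(text)
    hits = [p for p, t in ports.items() if t != "DROP"]
    return sorted(hits, key=lambda p: int(p.split(":")[0]))

def host_is_visible(text):
    """True if a port scan can get any answer from this host."""
    policy, _ = audit_input(text)
    # ACCEPT or catch-all REJECT: every port answers. DROP: only listed ports.
    return policy != "DROP" or bool(answering_ports(text))
```

Feeding it a masquerading-router ruleset (DROP policy, no port rules) returns no answering ports, while any ACCEPT or REJECT rule for a port makes the host detectable.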
