
Re: [LARTC] REJECTing: How and When to use What type of reply.

Message quoted from Roland Mas <roland.mas@free.fr>:

> Tarragon Allen, 2003-09-20 01:20:19 +0200 :
> [...]
> > The only distinction between the two that I make is that a REJECT
> > is polite, and a DROP is rude. Also, a REJECT says to the other end
> > "yes, there is a host there" whereas a DROP says "I got nothing,
> > looks like there's nothing there".
> I agree with that.
> > For home connections I tend to just DROP everything that I don't
> > want - this makes it slower for people to scan, as they aren't
> > getting a valid response from every non-open port on my system.
>   I have a slightly more complex rule: I try to maintain a minimum
> level of politeness, while limiting the amount of outgoing bandwidth I
> use (I resent the A in ADSL).  So if someone accidentally tries to
> connect to me, he gets a REJECT, but if I get scanned, or attacked, at
> most one REJECT packet will be sent out every second, allowing for the
> iptables burst mechanism which I'm not totally clear with yet.
>   Voilà!  Polite with good guys, ignoring the baddies, and not using
> much outgoing bandwidth.  I agree this is an approximation of what
> really happens (good guys can be ignored too if they happen to try to
> connect during a scan), but it works for me.
> Roland.
> -- 
> Roland Mas
> Sauvez les castors, plantez des arbres.

  How does one play with this burst mode? Can you exemplify with iptables rules?
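The rate-limited REJECT scheme Roland describes, written out as iptables rules. This is an added example, not rules from the thread; it assumes an external interface eth0, an INPUT chain, an average of one REJECT per second and a burst of 5 (the `--limit-burst` default). The function prints the rules instead of applying them, so it runs without root.

```shell
#!/bin/sh
# Added example: REJECT politely, but only up to a token-bucket budget,
# then silently DROP. Interface, rate and burst are assumed values.
IFACE="${IFACE:-eth0}"
RATE="${RATE:-1/second}"   # refill rate of the limit match's bucket
BURST="${BURST:-5}"        # bucket size: how many REJECTs may go out at once

polite_reject_rules() {
    cat <<EOF
# Dedicated chain so the limit counter is shared by tcp and udp rejects.
iptables -N POLITE_REJECT
# Replies to connections we opened ourselves are always fine.
iptables -A INPUT -i $IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
# ACCEPT rules for the services you actually offer go here, before the
# catch-all below, e.g.:
#   iptables -A INPUT -i $IFACE -p tcp --dport 22 -j ACCEPT
# Every other new connection attempt is handled by the polite chain.
iptables -A INPUT -i $IFACE -m state --state NEW -j POLITE_REJECT
# The limit match is a token bucket: it starts with $BURST tokens, each
# matching packet spends one, and a token comes back every 1/($RATE).
# A stray connect from a good guy finds a token and gets a REJECT...
iptables -A POLITE_REJECT -m limit --limit $RATE --limit-burst $BURST \\
    -j REJECT --reject-with icmp-port-unreachable
# ...while a port scan empties the bucket in $BURST packets and the rest
# fall through to DROP, costing no outgoing bandwidth at all.
iptables -A POLITE_REJECT -j DROP
EOF
}

polite_reject_rules
```

Apply with `polite_reject_rules | sudo sh` and watch the packet counters with `iptables -L POLITE_REJECT -v` during a scan: the REJECT rule stops counting after the burst while the DROP rule keeps climbing.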
