Re: [LARTC] REJECTing: How and When to use What type of reply.
Message quoted from Roland Mas <email@example.com>:
> Tarragon Allen, 2003-09-20 01:20:19 +0200 :
> > The only distinction between the two that I make is that a REJECT
> > is polite, and a DROP is rude. Also, a REJECT says to the other end
> > "yes, there is a host there" whereas a DROP says "I got nothing,
> > looks like there's nothing there".
> I agree with that.
> > For home connections I tend to just DROP everything that I don't
> > want - this makes it slower for people to scan, as they aren't
> > getting a valid response from every non-open port on my system.
> I have a slightly more complex rule: I try to maintain a minimum
> level of politeness, while limiting the amount of outgoing bandwidth I
> use (I resent the A in ADSL). So if someone accidentally tries to
> connect to me, he gets a REJECT, but if I get scanned, or attacked, at
> most one REJECT packet will be sent out every second, allowing for the
> iptables burst mechanism which I'm not totally clear with yet.
> Voilà! Polite with good guys, ignoring the baddies, and not using
> much outgoing bandwidth. I agree this is an approximation of what
> really happens (good guys can be ignored too if they happen to try to
> connect during a scan), but it works for me.
> Roland Mas
> Save the beavers, plant trees.
How does one play with this burst mode? Can you give an example with iptables rules?
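As an added illustration of the scheme Roland describes (not code from anyone in this thread), here is a small sh script that builds an iptables rule set which REJECTs unwanted packets at a limited rate and DROPs everything over the limit. It assumes a Linux box with iptables and the "limit" match (and, for the per-source variant, the newer "hashlimit" match); the chain name POLITE, the open port 22, the defaults of one reply per second and a burst of 5, and the IPT/RATE/BURST variable names are all my own choices for the example.

```shell
#!/bin/sh
# Added example, not from the original thread: "polite with good guys,
# ignoring the baddies" with iptables' limit match.
#
# Assumptions: Linux iptables with the limit match (and hashlimit for the
# per-source mode); run as root to apply. Chain name POLITE, port 22 and
# the variable names below are the author's choices for this example.

IPT="${IPT:-iptables}"     # set IPT=echo to see the commands without running them
RATE="${RATE:-1/second}"   # how fast the token bucket refills (one REJECT per second)
BURST="${BURST:-5}"        # bucket size: how many REJECTs may go out back-to-back
                           # before the rate limit kicks in (iptables' default is 5)

# Print the rule set, one iptables argument list per line.
# mode "global":    one shared bucket for all sources, exactly what Roland
#                   describes (a good guy scanned during an attack is ignored).
# mode "persource": one bucket per source address via hashlimit, so a stray
#                   connection from a good guy is still answered while a
#                   scanner is being ignored (costs a little more outgoing
#                   bandwidth, since every scanner gets its own burst).
polite_rules() {
    mode="${1:-global}"
    case "$mode" in
        global)
            lim="-m limit --limit $RATE --limit-burst $BURST" ;;
        persource)
            lim="-m hashlimit --hashlimit-upto $RATE --hashlimit-burst $BURST --hashlimit-mode srcip --hashlimit-name polite" ;;
        *)
            echo "polite_rules: unknown mode '$mode'" >&2
            return 2 ;;
    esac
    cat <<EOF
-N POLITE
-A POLITE $lim -j REJECT
-A POLITE -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j POLITE
EOF
}

# Feed the rule set to iptables (or to whatever $IPT is), stopping at the
# first rule that fails to load.
apply_polite_rules() {
    polite_rules "$1" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intended
        $IPT $rule || return 1
    done
}

# Usage: ./polite.sh apply [global|persource]
if [ "${1:-}" = "apply" ]; then
    apply_polite_rules "${2:-global}"
fi
```

How the burst works: the limit match is a token bucket. It starts full with `--limit-burst` tokens, every matching packet that finds a token consumes one and hits the REJECT, and tokens are refilled at `--limit`. So a single stray connection is rejected immediately, a port scan gets at most 5 REJECTs and then one per second, and everything else falls through to the DROP. Note that REJECT's default reply is an ICMP port-unreachable for any protocol; a `--reject-with tcp-reset` needs its own `-p tcp` rule, which would also mean a second, independent bucket. Review with `IPT=echo ./polite.sh apply` before loading for real.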