Re: [LARTC] REJECTing: How and When to use What type of reply.
Message quoted from Roland Mas <roland.mas@free.fr>:
> Tarragon Allen, 2003-09-20 01:20:19 +0200 :
>
>
> [...]
>
> > The only distinction between the two that I make is that a REJECT
> > is polite, and a DROP is rude. Also, a REJECT says to the other end
> > "yes, there is a host there" whereas a DROP says "I got nothing,
> > looks like there's nothing there".
>
> I agree with that.
>
> > For home connections I tend to just DROP everything that I don't
> > want - this makes it slower for people to scan, as they aren't
> > getting a valid response from every non-open port on my system.
>
> I have a slightly more complex rule: I try to maintain a minimum
> level of politeness, while limiting the amount of outgoing bandwidth I
> use (I resent the A in ADSL). So if someone accidentally tries to
> connect to me, he gets a REJECT, but if I get scanned, or attacked, at
> most one REJECT packet will be sent out every second, allowing for the
> iptables burst mechanism which I'm not totally clear with yet.
>
> Voilà! Polite with good guys, ignoring the baddies, and not using
> much outgoing bandwidth. I agree this is an approximation of what
> really happens (good guys can be ignored too if they happen to try to
> connect during a scan), but it works for me.
>
> Roland.
> --
> Roland Mas
>
> Save the beavers, plant trees.
>
>
How does one play with this burst mode? Can you exemplify with iptables rules?
Thanks
José
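As an added example that is not part of the thread (neither Roland's nor José's actual rules), here is the shape of the policy Roland describes, written with the iptables `limit` match: a REJECT rule that can only fire at a bounded rate, followed by a catch-all DROP. It assumes a hypothetical WAN interface `eth0` and SSH as the one exposed service; those names are placeholders. The script prints the rules by default and only applies them when run as `apply`, so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the original thread: "polite but rate-limited
# REJECT" using the iptables limit match. Assumptions (hypothetical):
# eth0 is the DSL-facing interface, SSH is the only service exposed,
# and the rules are appended to the INPUT chain.

WAN_IF="${WAN_IF:-eth0}"     # assumed interface name
RATE="${RATE:-1/second}"     # Roland's figure: at most one REJECT per second
BURST="${BURST:-5}"          # iptables default burst: tokens available before
                             # the rate limit starts to bite

# Emit the rules as text rather than applying them, so they can be reviewed.
gen_rules() {
    cat <<EOF
iptables -A INPUT -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp -m limit --limit $RATE --limit-burst $BURST -j REJECT --reject-with tcp-reset
iptables -A INPUT -i $WAN_IF -p udp -m limit --limit $RATE --limit-burst $BURST -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -i $WAN_IF -j DROP
EOF
}

# Sanity check: how many of the generated rules are rate-limited?
count_limited() {
    gen_rules | grep -c -- '-m limit'
}

# Sanity check: the last rule must be the silent DROP that catches
# whatever the limited REJECT rules no longer match.
last_target() {
    gen_rules | tail -n 1 | sed 's/.*-j //'
}

case "${1:-}" in
    apply) gen_rules | sh ;;   # needs root
    *)     gen_rules ;;
esac
```

How the burst works: the `limit` match is a token bucket. It starts with `--limit-burst` tokens (5 here), each packet that matches the rule spends one, and a token is put back at the `--limit` rate (one per second). While tokens remain, the REJECT rule matches and the sender gets a TCP reset or ICMP port-unreachable; once the bucket is empty, packets fall through to the DROP rule and are ignored. Note that one `limit` rule keeps a single bucket for all sources, which is exactly the approximation Roland mentions: during a scan the bucket is drained by the scanner, so a legitimate mis-typed connection attempt arriving at the same time is silently dropped too.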