dropping vs rejecting for non exixtent services
On some machine for which i can edvice but do not have final decision
there sare some non-exixtent services.
The administrator choose to drop packets sent to these ports.
This led some legitimate users to long timeout delay before automatically
switch to a different [active] service on another port.
I suggest to reject packet rather than dropping, so it would cause the
remote client to avoid waiting and immediately switch to the opther port.
What could be the advantage/disadvantage of this solution ?
(I know thatb this could give sono port-scanners an advantage. but is this
worth the anooyance to legitimate users ?)
On Sat, 30 Oct 2004, Rishi wrote:
> > - if you cannot be down for more than 5 minutes... you should have 2
> > complete independent systems ( properly configured and tested for
> > high-availability ... ) which has NOTHING to do with raid or mirror'ing
> > - if you cannot afford the extra hardware and extra time
> > to configure, than that extra hw costs should be
> > realistically weighed agaist how much $$$ is lost due to
> > the machine failure
>
> Hi Alvin,
>
> Thanks for the speedy response. This high-availability thing sounds
> interesting. Can you point me to some documentation on the NET that
> will help me achive this? I think it's worth investing the $$$ for
> this. I will try it on two spare computers at the office.
>
> Regards
>
> --
> Rishi
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
>
Reply to: