[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

dropping vs rejecting for non exixtent services



On some machine for which i can edvice but do not have final decision
there sare some non-exixtent services.
The administrator choose to drop packets sent to these ports.
This led some legitimate users to long timeout delay before automatically
switch to a different [active] service on another port.
I suggest to reject packet rather than dropping, so it would cause the
remote client to avoid waiting and immediately switch to the opther port.
What could be the advantage/disadvantage of this solution ?  
(I know thatb this could give sono port-scanners an advantage. but is this
worth the anooyance to legitimate users ?)

On Sat, 30 Oct 2004, Rishi wrote:

> > - if you cannot be down for more than 5 minutes... you should have 2
> >   complete independent systems ( properly configured and tested for
> >   high-availability ... ) which has NOTHING to do with raid or mirror'ing
> >         - if you cannot afford the extra hardware and extra time
> >         to configure, than that extra hw costs should be
> >         realistically weighed agaist how much $$$ is lost due to
> >         the machine failure
> 
> Hi Alvin,
> 
> Thanks for the speedy response. This high-availability thing sounds
> interesting. Can you point me to some documentation on the NET that
> will help me achive this? I think it's worth investing the $$$ for
> this. I will try it on two spare computers at the office.
> 
> Regards
> 
> -- 
> Rishi
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 
> 



Reply to: