Re: is iptables enough?
>>>>> "Vineet" == Vineet Kumar <debian-security@virtual.doorstop.net> writes:
Vineet> * Adrian 'Dagurashibanipal' von Bidder
Vineet> <avbidder@fortytwo.ch> [20030320 06:39 PST]:
>> Set it up to block everything and then selectively open ports
>> until everything works as desired. Depending on the
>> applications it may be a good idea to REJECT auth (identd)
>> packets instead of dropping them - some applications have long
>> timeouts.
Vineet> IMO, it's a good idea to REJECT instead of DROPping most
Vineet> packets. If you think DROPping makes you invisible,
Vineet> you're deluding yourself. I generally end my INPUT chain
Um, would you be so kind as to explain the "deluding yourself" part or
point to some information that does so? From what I have read on the
net using google a good number of people use drop to help with port
scanning (i.e. port scanning will take a lot longer with drop than
reject), and also help with DoS, whereas reject is deemed more polite.
Sincerely,
Adrian Phillips
--
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now? [OK]
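
The setup described in the quoted advice above (block everything, open ports selectively, REJECT identd instead of dropping it), as an added example that is not part of the original thread: a shell function that prints a ruleset in iptables-restore format. The function name `gen_rules` and the ports passed to it are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a default-deny INPUT ruleset
# in iptables-restore format; nothing is applied to the running kernel.
# Usage (as root): gen_rules 22 443 | iptables-restore --test
gen_rules() {
    # Validate every port first so a bad argument produces no partial ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*)
                echo "gen_rules: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "gen_rules: port out of range '$port'" >&2; return 1
        fi
    done

    echo '*filter'
    # Block everything inbound by default; outbound stays open.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to connections this host initiated.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Selectively opened TCP ports (caller-supplied, assumed values).
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # identd (113/tcp): answer with a TCP RST so that remote servers doing
    # an ident lookup fail immediately instead of waiting for a timeout.
    echo '-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset'
    echo 'COMMIT'
}
```

Everything not matched by a rule falls through to the INPUT policy, which is DROP here; the identd rule is the only port that answers with a reset.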