[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Block stupid/annoying sites

>> What about using REJECT instead of DENY?  That way the browser should
>> immediately be told that the destination (in this case
>> ad.doubleclick.net)
>> could not be reached.
> I believe DENY would cause the browser to time out, but not right away.  I
> only use DENY for spam hosts/nets so that the spammer wastes more time.
> --

There is an additional difference. If someone runs a port scan against a
machine, anything that is denied will get no response. It will be as if there
is nothing there. If you are rejecting traffic, they will be able to tell that
there is something there that they are not allowed to access. They can simply
adjust their activity from a different location to see if they can gain access
to the rejected service.

E-Mail: George Bonser <grep@shorelink.com>
Date: 02-Sep-99
Time: 22:50:57

This message was sent by XFMail

Reply to: