Re: ipchains rules: REJECT vs. DENY
At 996089571s since epoch (07/25/01 14:32:51 -0400 UTC), Noah Meyerhans wrote:
> There's definitely no consensus on this; it's largely a matter of
> personal taste.
I definitely agree there.
> I don't see how making portscans take longer equates to making them
> more difficult to perform, as you (Jason) claim.
More for mass-portscanning issues than anything else. I get between
20-50 scans a day (I'm on a cable modem). Most of them are looking
for FTP servers (files, some root exploits), telnet (root exploits),
RPC (root exploits) or DNS (root exploits). I don't run any of those
services, and I really don't want to let the script kiddies in on the
fact that I'm out there. Therefore, I don't return anything to these
people.
It also has the advantage of taking several minutes to perform a full
portscan, rather than a few seconds, but that just makes life more
annoying than anything; no real security is gained.
I know it's not "nice" to drop packets on the floor, but the way I see
it, these guys don't deserve to be treated nicely to start with... =)
Jason
--
Jason Healy | jhealy@logn.net
LogN Systems | http://www.logn.net/
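Since silently denying leaves the firewall log as the only record of the 20-50 daily scans the post describes, here is an added example (not from this thread) of a small Python parser for the kernel log lines ipchains writes when a rule carries the `-l` option; it assumes the classic `Packet log: <chain> <target> <iface> PROTO=... src:sport dst:dport ...` layout, groups DENY entries by source, and flags sources that probe several of the services Jason names. The sample log lines are constructed, not real traffic.

```python
import re
from collections import defaultdict

# Kernel ipchains "-l" log layout (assumption: classic 2.2-era format):
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Services the post says the scans are hunting for.
WATCHED_PORTS = {21: "ftp", 23: "telnet", 53: "dns", 111: "sunrpc"}

def parse_line(line):
    """Return (src, dport) for a DENY log line, or None for anything else."""
    m = LOG_RE.search(line)
    if not m or m.group("target") != "DENY":
        return None
    return m.group("src"), int(m.group("dport"))

def summarize(lines, min_ports=2):
    """Group denied packets by source; flag sources touching >= min_ports distinct ports."""
    hits = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            src, dport = parsed
            hits[src].add(dport)
    report = {}
    for src, ports in hits.items():
        names = sorted(WATCHED_PORTS.get(p, str(p)) for p in ports)
        report[src] = {"ports": sorted(ports), "services": names,
                       "suspected_scan": len(ports) >= min_ports}
    return report

# Constructed sample syslog lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
Jul 25 14:31:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:2034 198.51.100.7:21 L=60 S=0x00 I=4411 F=0x4000 T=48 SYN (#4)
Jul 25 14:31:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:2035 198.51.100.7:23 L=60 S=0x00 I=4412 F=0x4000 T=48 SYN (#4)
Jul 25 14:31:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:2036 198.51.100.7:111 L=60 S=0x00 I=4413 F=0x4000 T=48 SYN (#4)
Jul 25 14:31:03 gw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.9:2037 198.51.100.7:53 L=48 S=0x00 I=4414 F=0x0000 T=48 (#5)
Jul 25 14:40:10 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.44:51200 198.51.100.7:21 L=60 S=0x00 I=9001 F=0x4000 T=55 SYN (#4)
Jul 25 14:41:00 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.50:40000 198.51.100.7:22 L=60 S=0x00 I=9002 F=0x4000 T=55 SYN (#1)
""".splitlines()

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        flag = "SCAN" if info["suspected_scan"] else "single"
        print(f"{src:15} {flag:6} {', '.join(info['services'])}")
```

Feed it `grep 'Packet log' /var/log/messages` output and raise `min_ports` to taste; ACCEPT lines and anything not matching the layout are ignored.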