
Re: ipchains rules: REJECT vs. DENY
At 996089571s since epoch (07/25/01 14:32:51 -0400 UTC), Noah Meyerhans wrote:
> There's definitely no consensus on this; it's largely a matter of
> personal taste.

I definitely agree there.

> I don't see how making portscans take longer equates to making them 
> more difficult to perform, as you (Jason) claim.

More for mass-portscanning issues than anything else.  I get between
20-50 scans a day (I'm on a cable modem).  Most of them are looking
for FTP servers (files, some root exploits), telnet (root exploits)
RPC (root exploits), or DNS (root exploits).  I don't run any of those
services, and I really don't want to let the script kiddies in on the
fact that I'm out there.  Therefore, I don't return anything to these
people.

It also has the advantage of taking several minutes to perform a full
portscan, rather than a few seconds, but that just makes life more
annoying than anything; no real security is gained.

I know it's not "nice" to drop packets on the floor, but the way I see
it, these guys don't deserve to be treated nicely to start with...  =)

Jason

--
Jason Healy    |     jhealy@logn.net
LogN Systems   |   http://www.logn.net/
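An added model of what the two ipchains targets look like from the outside (constructed here, not code from the thread; the round-trip and timeout constants and the first-match chain model are assumptions):

```python
"""Outside view of an ipchains input chain under DENY vs REJECT.

Constructed model, not code from the thread. Ports are the real IANA
numbers for the services Jason lists; the timing constants are assumptions.
"""
from dataclasses import dataclass

RTT = 0.05           # assumed round trip, seconds: time to get an RST or ICMP back
PROBE_TIMEOUT = 1.0  # assumed wait before a prober gives up on a silent port
SERVICE_PORTS = {"ftp": 21, "telnet": 23, "dns": 53, "sunrpc": 111}

@dataclass(frozen=True)
class Observation:
    port: int
    reply: str      # "tcp-rst", "icmp-port-unreachable" or "none"
    elapsed: float  # seconds the prober waits before moving on

def chain_target(port, rules, policy):
    """First-match semantics of an ipchains chain: rules are (port, target)
    pairs; if nothing matches, the chain policy (ipchains -P input ...) applies."""
    for rule_port, target in rules:
        if rule_port == port:
            return target
    return policy

def observe(port, rules, policy):
    """What one TCP probe sees. ACCEPT on a port with no listener: the stack
    answers RST. REJECT: ipchains sends ICMP port unreachable. DENY: silence."""
    target = chain_target(port, rules, policy)
    if target == "ACCEPT":
        return Observation(port, "tcp-rst", RTT)       # closed, but host is up
    if target == "REJECT":
        return Observation(port, "icmp-port-unreachable", RTT)
    if target == "DENY":
        return Observation(port, "none", PROBE_TIMEOUT)
    raise ValueError(f"unknown target {target!r}")

def sweep_summary(ports, rules, policy):
    """Aggregate a sweep: wall time and whether any reply betrayed the host."""
    obs = [observe(p, rules, policy) for p in ports]
    return {
        "total_seconds": round(sum(o.elapsed for o in obs), 2),
        "host_revealed": any(o.reply != "none" for o in obs),
        "silent_ports": [o.port for o in obs if o.reply == "none"],
    }

if __name__ == "__main__":
    ports = range(1, 1025)
    for policy in ("REJECT", "DENY"):
        print(policy, sweep_summary(ports, [], policy))
    # Dropping only the four services while the chain policy stays ACCEPT
    # still reveals the host: every other closed port answers with RST.
    partial = [(p, "DENY") for p in SERVICE_PORTS.values()]
    print("partial DENY", sweep_summary(ports, partial, "ACCEPT"))
```

The third case is the caveat behind "I don't return anything": silence only hides the host if the chain policy itself is DENY, not just the rules for the four services.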
