
Re: new, not nice web bots disposal



On 2/27/20, tomas@tuxteam.de <tomas@tuxteam.de> wrote:
> On Thu, Feb 27, 2020 at 10:07:18AM -0500, Lee wrote:
>> On 2/27/20, tomas@tuxteam.de  wrote:
>> > On Wed, Feb 26, 2020 at 11:25:53PM -0500, Lee wrote:
>> >
>> > [...]
>> >
>> >> You're advertising your web server in your sig.  The "other side"
>> >> ALREADY KNOWS you have a web server there.
>> >
>> > If that "other side" is reading your emails, that is.
>> >
>> > Not a likely scenario if that "other side" is some malware
>> > running in some whatever-of-things lightbulb or cat feeder.
>>
>> This thread is NOT about likely scenarios; we're talking about
>>
>> | over the last 90 days or so, we seem to have been plagued with a new
>> | breed of bots [...]
>
>> I'm saying it might be better to reject than drop.  Watch the logs and
>> if the A-H's ignore RSTs then go back to drop.
>
> I disagree. DROP is the right thing on the Big Bad Internet. And I explained
> upthread why: better to not let "them" know that you even are there.

They already know his server is there!!!  Gene created the iptable
rules **because** they were eating up too much of his bandwidth.

> Another reason: one less useless packet crossing the Internet.

vs. all the useless retries?

What I'm saying is that **it's possible** they'll respect a RST and
stop trying to connect to his server (in which case it's not a
'useless packet crossing the Internet.')  If they do respect RSTs then
Gene wins and if they don't (he needs to monitor his logs to see if
they keep retrying or not) then go back to DROP.

Lee
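
The log check described in the message above, as an added example that is not part of the original message: it counts, per source address, how many new connection attempts were logged by a rule that answers with a TCP reset, so sources that keep coming back stand out. It assumes a LOG rule with the hypothetical prefix "WEB-REJECT: " sits in front of the REJECT rule; the log lines and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: a rule such as  -j LOG --log-prefix "WEB-REJECT: "  precedes the
# -j REJECT --reject-with tcp-reset rule, so every rejected SYN is logged.
LOG_PREFIX = "WEB-REJECT: "
FIELD = re.compile(r"\b(SRC|SPT|DPT)=(\S+)")

# Constructed sample in kernel netfilter LOG format (documentation addresses).
SAMPLE_LOG = """\
Feb 27 10:00:01 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Feb 27 10:00:02 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
Feb 27 10:00:03 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 SYN URGP=0
Feb 27 10:00:04 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=80 SYN URGP=0
Feb 27 10:00:05 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=80 SYN URGP=0
Feb 27 10:00:06 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=80 SYN URGP=0
Feb 27 10:00:07 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80 SYN URGP=0
Feb 27 10:00:08 host kernel: WEB-REJECT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN URGP=0
Feb 27 10:00:09 host kernel: OTHER-RULE: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=60000 DPT=22 SYN URGP=0
"""

def summarize(log_text, max_attempts=3):
    """Per source: new attempts, repeated SYNs, and whether it keeps retrying."""
    flows = defaultdict(set)    # src -> {(source port, dest port)} = distinct attempts
    packets = defaultdict(int)  # src -> all logged SYNs
    for line in log_text.splitlines():
        if LOG_PREFIX not in line or " SYN " not in line:
            continue            # other rules, or not a connection attempt
        f = dict(FIELD.findall(line))
        if not {"SRC", "SPT", "DPT"} <= f.keys():
            continue            # truncated or malformed line
        flows[f["SRC"]].add((f["SPT"], f["DPT"]))
        packets[f["SRC"]] += 1
    report = {}
    for src, seen in flows.items():
        attempts = len(seen)
        report[src] = {
            "attempts": attempts,                      # distinct source ports
            "retransmits": packets[src] - attempts,    # same port seen again
            "ignores_rst": attempts > max_attempts,    # keeps opening new ones
        }
    return report

if __name__ == "__main__":
    for src, row in sorted(summarize(SAMPLE_LOG).items()):
        print(src, row)
```
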

