Security Basics mailing list archives

RE: Iptables Clues and Advices.


From: "Allan Schon" <allanschon () mckinleymachinery com>
Date: Mon, 7 Apr 2003 11:53:28 -0400

> it will also result into a mess, because the server will be a
> hole in space (regarding the blocked ports). And what are the benefits
> (if there are any) of this practice?

Well, the primary benefit is that attackers scanning for specific open ports in your ip range will never find your 
machine, if you're dropping connection attempts to the target port.  That's a considerable advantage, I think.  They 
can't attack you if they don't know you're there.  

Are there any specific disadvantages to DROPing?

-----Original Message-----
From: Andreas Happe [mailto:andreashappe () gmx net]
Sent: Saturday, April 05, 2003 5:29 PM
To: security-basics () securityfocus com
Subject: Re: Iptables Clues and Advices.


In article <1049484753.24055.41.camel () unsigned local fr>, Pierre BETOUIN wrote:
> DROP would be better there because you don't need to prevent attackers
> that this port is filtered.

it will also result into a mess, because the server will be a
hole in space (regarding the blocked ports). And what are the benefits
(if there are any) of this practice?

andreas
-- 
I tell them to turn to the study of mathematics, for it is only there 
that they might escape the lusts of the flesh.
                  -- Thomas Mann, "The Magic Mountain"
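
How the two behaviours discussed in this thread look from the connecting side, as an added example that is not part of the original messages: a refused port answers immediately, while a dropped SYN leaves the client waiting out its timeout. The names `probe` and `loopback_demo` are assumptions, and the loopback sockets are constructed stand-ins for a real host.

```python
import socket
import time

def probe(host, port, timeout=1.0):
    """Return (state, seconds) for one TCP connect attempt, as the client sees it."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        state = "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        state = "closed"        # actively refused: no listener, or REJECT --reject-with tcp-reset
    except socket.timeout:
        state = "filtered"      # no reply at all: what a DROP rule produces
    except OSError:
        state = "unreachable"   # routing-level error (host or network unreachable)
    finally:
        s.close()
    return state, time.monotonic() - start

def loopback_demo():
    """Constructed test setup: one listening port and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()               # nothing listens here any more

    try:
        return {
            "open": probe("127.0.0.1", open_port),
            "closed": probe("127.0.0.1", closed_port),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    for label, (state, secs) in loopback_demo().items():
        print(f"{label:7s} -> {state:9s} after {secs:.3f}s")
```

Pointing `probe` at a port on your own firewall that has a DROP rule returns `filtered` only after the full timeout, which is the delay a legitimate client connecting to that port would also experience.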



