Port 25
Jose Maria Lopez
jkerouac at bgsec.com
Tue Feb 8 14:52:28 CET 2005
On Tue, 08 Feb 2005 at 14:15, Jason Opperisano wrote:
> i propose that the exact opposite is true. why should i make my
> firewall undertake the effort of generating a RST packet for every yahoo
> on the Internet that wants to scan my IP range for TCP 139, 445, etc.
>
> DROP-ing a packet doesn't take any real effort on the firewall's part;
> whereas generating a RST packet adds at least some overhead--which in
> the extreme case could be significant.
>
> -j
I see your point, but just googling a bit:
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
so things are maybe somewhat more complex.
Regards.
--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac at bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"