AW: [Dshield] firewall policy recomendations

Graham K. Dodd g.dodd at falk-ross.de
Fri May 31 08:08:11 GMT 2002


What is the effect on the firewall / network when you tie up a prober's
attack?

Some of us don't even have a partial T1 and run on a minimum budget so we
don't want to waste our resources just to annoy hackers who obviously have
lots of time to waste anyway..........

BTW I'm not flaming Kenneth and his policies, I want to know whether I can
adopt this sort of policy without affecting my company's "small, but very
important" network.


thanks,
	Graham


-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On behalf
of Kenneth Porter
Sent: Wednesday, 29 May 2002 17:35
To: DShield List
Subject: Re: [Dshield] firewall policy recomendations


On Wed, 2002-05-29 at 07:01, Chad Albert wrote:
> I am curious to know what most people on this list think is the best
> practice when blocking traffic with a firewall.  I see many firewalls that
> drop unwanted TCP packets, many that send a rst packet, some drop unwanted
> UDP, and some send ICMP type 3 (destination unreachable).

Drop anything you don't expect. That'll tie up a prober waiting for his
SYN to be ACK'd, slowing down his scans.
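
The responses discussed in this thread (silent drop, TCP RST, ICMP type 3), written out as an added example that is not part of any poster's message: a shell function that emits an iptables-restore ruleset for either policy. Linux iptables, the allowed ports 22 and 25, and the 10/second reply limit are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset.
# Usage: emit_ruleset drop|reject PORT...   (PORT = inbound TCP ports to allow)
emit_ruleset() {
    policy=$1
    case $policy in
        drop|reject) ;;
        *) echo "unknown policy: $policy" >&2; return 1 ;;
    esac
    shift

    echo "*filter"
    # Default-deny: anything not matched below is dropped without a reply.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done

    if [ "$policy" = reject ]; then
        # Answer unwanted TCP with RST and unwanted UDP with ICMP type 3
        # (port unreachable). The limit match caps how many replies the
        # firewall sends; packets over the limit fall through to the
        # chain policy above and are dropped silently.
        # 10/second and burst 20 are assumed values.
        echo "-A INPUT -p tcp -m limit --limit 10/second --limit-burst 20 -j REJECT --reject-with tcp-reset"
        echo "-A INPUT -p udp -m limit --limit 10/second --limit-burst 20 -j REJECT --reject-with icmp-port-unreachable"
    fi
    # With policy "drop" no reply rule is emitted: the firewall sends
    # nothing back for unwanted packets.
    echo "COMMIT"
}

# Print the drop-everything-unexpected ruleset (ports are assumed values).
emit_ruleset drop 22 25
```

The output can be reviewed and then loaded with iptables-restore.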




