[Dshield] firewall policy recomendations

Chad Albert chadalbert at mchsi.com
Fri May 31 13:11:30 GMT 2002


By dropping the packets, you are actually generating less traffic.  This
will use fewer resources, especially bandwidth.  What Kevin is talking about
is that it will take a prober more time to scan you because they will have
to wait for a timeout to occur rather than getting a response back from you
that says "I'm not running anything there".


Chad


----- Original Message -----
From: "Graham K. Dodd" <g.dodd at falk-ross.de>
To: <list at dshield.org>
Sent: Friday, May 31, 2002 3:08 AM
Subject: AW: [Dshield] firewall policy recomendations


> What is the effect on the firewall / network when you tie up a prober's
> attack?
>
> Some of us don't even have a partial T1 and run on a minimum budget so we
> don't want to waste our resources just to annoy hackers who obviously have
> lots of time to waste anyway...
>
> BTW I'm not flaming Kenneth and his policies, I want to know whether I can
> adopt this sort of policy without affecting my company's "small, but very
> important" network.
>
>
> thanks,
> Graham
>
>
> -----Original Message-----
> From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
> Of Kenneth Porter
> Sent: Wednesday, 29 May 2002 17:35
> To: DShield List
> Subject: Re: [Dshield] firewall policy recomendations
>
>
> On Wed, 2002-05-29 at 07:01, Chad Albert wrote:
> > I am curious to know what most people on this list think is the best
> > practice when blocking traffic with a firewall.  I see many firewalls that
> > drop unwanted TCP packets, many that send a rst packet, some drop unwanted
> > UDP, and some send ICMP type 3 (destination unreachable).
>
> Drop anything you don't expect. That'll tie up a prober waiting for his
> SYN to be ACK'd, slowing down his scans.



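Added example, not part of the original thread: a small Python model of the trade-off discussed above, comparing what a firewall sends back, and how long a scanner waits, when unwanted TCP SYNs are dropped, answered with a RST, or answered with ICMP type 3. The scanner behaviour (serial probing, retries with a doubling timeout) and the default numbers are assumptions made for illustration; packet sizes are IPv4 without options.

```python
from dataclasses import dataclass

# IPv4 sizes in bytes, no IP or TCP options.
SYN_BYTES = 20 + 20                   # IP header + TCP header
RST_BYTES = 20 + 20                   # IP header + TCP header
ICMP_UNREACH_BYTES = 20 + 8 + 20 + 8  # IP + ICMP header + quoted IP header
                                      # + first 8 bytes of the probe (RFC 792)

@dataclass(frozen=True)
class Cost:
    probes_in: int         # SYNs that reach the firewall
    bytes_in: int
    replies_out: int       # packets the firewall sends back
    bytes_out: int
    scanner_wait_s: float  # time a serial scanner spends waiting

def policy_cost(policy, ports, rtt_s=0.05, timeout_s=1.0, retries=2):
    """Cost of answering `ports` unwanted TCP SYNs under one policy.

    Assumed scanner (constructed model): probes one port at a time and, when
    nothing comes back, resends `retries` times, doubling its timeout.
    """
    if policy == "drop":
        attempts = 1 + retries
        wait_per_port = sum(timeout_s * 2 ** i for i in range(attempts))
        probes = ports * attempts
        return Cost(probes, probes * SYN_BYTES, 0, 0, ports * wait_per_port)
    reply_bytes = {"rst": RST_BYTES, "icmp-unreachable": ICMP_UNREACH_BYTES}
    if policy not in reply_bytes:
        raise ValueError(f"unknown policy: {policy}")
    # Any reply ends the probe after one round trip, so there are no retries.
    return Cost(ports, ports * SYN_BYTES, ports, ports * reply_bytes[policy],
                ports * rtt_s)

def compare(ports=1024, **scanner):
    """Return the cost of each policy for the same sweep of `ports` ports."""
    return {p: policy_cost(p, ports, **scanner)
            for p in ("drop", "rst", "icmp-unreachable")}

if __name__ == "__main__":
    for name, c in compare().items():
        print(f"{name:17} in={c.probes_in:5} pkts  out={c.bytes_out:6} B  "
              f"scanner waits {c.scanner_wait_s:8.1f} s")
```

The model ignores ICMP rate limiting on the replying host and parallel probing by the scanner, so treat the absolute numbers as illustrative only.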