On 10/25/07, Ashley M. Kirchner <[email protected]> wrote: > Manuel Arostegui Ramirez wrote: > > In this case, I would choose to drop packets since they're not going to stop, > > it's better to do not increase the packets on your interface. > > > That's kinda what I thought too, however as far as the sending > machine is concerned, because it didn't get anything back, it could > potentially see it as a successful delivery and thus continue to deliver > more and more crap. On the other hand, if it does get some kind of reset... If you drop all packets then the remote host thinks that either your host is down or that the IP address is not allocated to anyone. This takes a short amount of time to establish (maybe a few minutes, depending on how the soamming is configured) If you reject the packets, the remote hosts knows that your hosts exists and is up, but won't know why it can't connect. The remote host knows this very quickly. If its spam, drop the packets. You will have the knowledge that at least for a short period of time that you are tying up resources on the spam box rather than the other way around.