Re: [Fedora] Re: iptables: drop or reject?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 10/25/07, Ashley M. Kirchner <[email protected]> wrote:
> Manuel Arostegui Ramirez wrote:
> > In this case, I would choose to drop packets since they're not going to stop,
> > it's better to do not increase the packets on your interface.
> >
>     That's kinda what I thought too, however as far as the sending
> machine is concerned, because it didn't get anything back, it could
> potentially see it as a successful delivery and thus continue to deliver
> more and more crap.  On the other hand, if it does get some kind of reset...

If you drop all packets then the remote host thinks that either your
host is down or that the IP address is not allocated to anyone.  This
takes a short amount of time to establish (maybe a few minutes,
depending on how the soamming is configured)

If you reject the packets, the remote hosts knows that your hosts
exists and is up, but won't know why it can't connect.  The remote
host knows this very quickly.

If its spam, drop the packets.  You will have the knowledge that at
least for a short period of time that you are tying up resources on
the spam box rather than the other way around.

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux