[lug] IP Tables
karl horlen
horlenkarl at yahoo.com
Sat Sep 22 18:00:34 MDT 2007
> > My thought is that hackers are not likely
> > to keep retrying (but maybe they would) and just
> > move on. If they did get a reject though, they
> > might just keep trying. Probably another port.
>
> It speeds up their ability to do the queries also, if your machine is
> polite enough to answer "Nope!" on every single port with a REJECT.
> Otherwise, they have to wait for whatever timeout value they deem
> appropriate.
Which begs a different but related question.
If I did open up ICMP, I imagine I might be able to
specify a delay time for the reply in the iptables
rule? If I could do that, I could at least limit the
bandwidth ping attacks consume on my pipe. I know it
might not make that much of a difference. But then
again it could, versus if no delay was added. Not even
sure I can do this, but it seems feasible.