Re: rst or drop when defining PF firewall rules.

From: sam (sam.wun_at_authtec.net)
Date: 11/09/04


Date: Tue, 09 Nov 2004 13:51:19 +0800

Conrad J. Sabatier wrote:
> In article <cmn5v4$1mnn$1@news.hgc.com.hk>, sam <sam.wun@authtec.net> wrote:
>
>>

>
>
> Better to drop. This saves bandwidth, and may even lead a would-be attacker
> to conclude there's nothing there.
>
> Sending any sort of reply only confirms for them that they've found a target
> to work on.
>
I also agree with this setting in the firewall. But I don't understand why PF
or other firewalls also include an option for sending "rst" as an
alternative. There may be a reason, but I can't find a clear answer to this.

Is this for _backward_ compatibility?

Sam.
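As an added illustration (not part of the thread) of how the two behaviours look side by side in pf.conf: the global block-policy silently drops, while a single rule opts back into a TCP RST for the ident/auth port, where silence makes a remote mail server sit through a connect timeout before delivering. The interface name em0 is an assumption.

```pf
# Assumed external interface; adjust to the real one.
ext_if = "em0"

# Global default for "block" rules that give no explicit action:
# drop silently, so the sender gets no confirmation that a host is there.
set block-policy drop

# Default deny on the external interface, logged for later review.
block in log on $ext_if all

# Deliberate exception: answer ident (TCP 113, "auth") probes with a RST.
# Remote SMTP servers that do an ident lookup then fail immediately instead
# of stalling on a timeout; the host is already visible to them anyway,
# so the usual argument for dropping does not apply here.
block return-rst in on $ext_if proto tcp from any to ($ext_if) port auth

# Explicitly permitted services follow as usual, e.g. SMTP to this host.
pass in on $ext_if proto tcp from any to ($ext_if) port smtp
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` shows the rules as PF expanded them, including the block action each rule ended up with.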
