Re: Scan of TCP 552-554

From: Rodrigo Barbosa (rodrigobat_private)
Date: Fri Aug 01 2003 - 17:11:50 PDT


    On Fri, Aug 01, 2003 at 01:41:20PM -0400, Chris Shepherd wrote:
    > > As long as I'm the one paying for my Internet uplink (and those are
    > > EXPENSIVE here in Brazil), I don't want any traffic on it that is
    > > not authorized. And a portscan is definitively something I did not
    > > authorize.
    > 
    > Regardless of whether you filter it or not, it has already bypassed your ISP's
    > routers, and is using YOUR bandwidth. The packets are getting to you either
    > way, dropping their packets after they have hit your network doesn't stop them
    > from utilizing your bandwidth, and in fact, that further increases the argument
    > for a simple drop-all approach, since you will, in the event of a portscan,
    > send replies, thus using more of your bandwidth than if you had simply dropped
    > them.
    
    Now, this is a good argument to set up a DROP-all fw.
    
    > > Don't be so sure. IIRC, there was a bug on some platform that was only
    > > exploitable on "closed" ports.
    > 
    > Do you feel this bug is relevant to this conversation in relation to your setup?
    
    This kind of stuff is always relevant.
    
    -- 
    Rodrigo Barbosa <rodrigobat_private>
    "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
    
    
    
    



    This archive was generated by hypermail 2b30 : Sat Aug 02 2003 - 10:36:30 PDT