[lug] IP Tables

karl horlen horlenkarl at yahoo.com
Sat Sep 22 18:00:34 MDT 2007

> > My thought is that hackers are not likely
> > to keep retrying (but maybe they would) and just
> > move on.  If they did get a reject though, they
> > might just keep trying.  Probably another port.
> It speeds up their ability to do the queries also,
> if your machine is 
> polite enough to answer "Nope!" on every single port
> with a REJECT. 
> Otherwise, they have to wait for whatever timeout
> value they deem 
> appropriate.

which begs a different but related question.  

if i did open up icmp, i imagine i might be able to
specify a delay time for the reply in the iptables
rule?  if i could do that, i could at least limit the
bandwidth ping attacks consume on my pipe.  I know it
might not make that much of a difference.  But then
again it could versus if no delay was added.  Not even
sure i can do this but it seems feasible.

Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. 

More information about the LUG mailing list