Quote:
Originally Posted by Narnie
#4 is dropping broadcast packets, but I'm not exactly sure where those would come from. For #4 and #5, I have found on other sites that on networks with Windows systems on them, there will be a lot of broadcast and multicast packets that will hog the logs, so it just drops them. Does this make sense? If not, other explanations are welcome. Not sure what Windows is doing here, but it seems to be in some of the "best practices" info on firewall building.
Older versions of MS Messenger spam broadcast messages continuously.
I don't see why the firewall needs to care about this either.
Quote:
#6 I understand the difference, but wonder why sometimes things are just dropped (and therefore silent) and, if everything makes it through the rules to this point, it might be chosen to use a REJECT and thus send back a TCP RST packet alerting them that they got a "live" system. Just curious on this one.
That's often why things are DROPped instead of REJECTed, yes.
Some firewalls even have a 'tarpit' sort of thing to dump known-hostile connections into. Tarpitted hosts get just enough response from the server to think they've connected, but they haven't. Tarpitted connections still take the usual ten-minute timeout before dying. I think it's a strategy against DDoS.
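The rule ordering the two posts above are discussing, as an added example that is not code from either poster: iptables rules that drop broadcast/multicast chatter silently before the logging chain, then end with a logged DROP for unsolicited traffic from the WAN side and a REJECT with TCP RST for the LAN side. The interface name, the LOGDROP chain and the DRY_RUN/APPLY switches are assumptions; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rules unless APPLY=1 is set.
IPT="${IPT:-iptables}"
WAN="${WAN:-eth0}"        # assumed name of the Internet-facing interface

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

build_input_rules() {
    # Logging chain: rate-limited LOG, then DROP (silent to the sender).
    run -N LOGDROP
    run -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    run -A LOGDROP -j DROP

    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Rules #4/#5 from the thread: broadcast and multicast packets are dropped
    # here, before anything reaches LOGDROP, so they never flood the log.
    run -A INPUT -m pkttype --pkt-type broadcast -j DROP
    run -A INPUT -m pkttype --pkt-type multicast -j DROP

    # Rule #6: DROP gives the sender no signal at all; REJECT --reject-with
    # tcp-reset answers with a RST, which confirms a live host. Unsolicited TCP
    # from the WAN is dropped (and logged); the LAN gets an honest, fast RST.
    run -A INPUT -i "$WAN" -p tcp -j LOGDROP
    run -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    run -A INPUT -j LOGDROP
}

if [ "${APPLY:-0}" = "1" ]; then
    build_input_rules
else
    DRY_RUN=1 build_input_rules
fi
```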