[Fedora] Re: iptables: drop or reject?

Manuel Arostegui Ramirez manuel at todo-linux.com
Thu Oct 25 18:36:06 UTC 2007


On Thursday, 25 October 2007 20:27, Ashley M. Kirchner wrote:
>
>     That's kinda what I thought too, however as far as the sending
> machine is concerned, because it didn't get anything back, it could
> potentially see it as a successful delivery and thus continue to deliver
> more and more crap.  On the other hand, if it does get some kind of
> reset...
>
>     I don't know.  I certainly don't want to increase my traffic, but
> I also don't want to give them any reason to believe that they reached
> me and then increase the amount of crap they're sending.

They would not know whether they are succeeding or not; it's like sending a SYN 
and just waiting for the ACK, which will never be received.

>
>     This all started because a few days ago I started getting 3 servers
> that are in the Hurricane Electric network sending a ton of spam e-mails
> to invalid user names on my network.  Ever since I started dropping
> their packets, the flow of activity from those 3 machines increased
> dramatically.  What used to be just a few packets every minute has now
> gone to some 5 to 10 packets being dropped every second.

Is there any proper hardware firewall before those machines? If so you could 
set up a rule..

>
>     E-mails to them are simply being ignored...at least, I have yet to
> hear anything back or to see a change.
>
>     Mind you, the same thing is happening with a lot of other networks
> that have been spamming - their activity has also increased over the
> last few weeks, basically since I started dropping packets instead of
> using hosts.deny (which would send a deny packet back.)
>

Well, actually you can give it a try: set up a REJECT rule on one machine 
and see whether they continue or stop...
But again, if they're bots (which is more than probable) they would not care 
whether you are dropping or rejecting the packets; they'd keep doing the same..

Wish you the best of luck with this issue; being flooded is really hateful.

Manuel.

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
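
The DROP-versus-REJECT trial suggested in the message above can be measured from the rule counters instead of judged by eye. The script below is an added example, not part of the original post: the function names, the source addresses (RFC 5737 documentation ranges), TCP port 25 and the counter snapshots are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SRC is a placeholder address and
# port 25 is assumed because the thread is about incoming spam.
SRC=192.0.2.10

# Install the rule under test on this machine (needs root). $1 = DROP or REJECT.
apply_rule() {
    case "$1" in
        DROP)   iptables -I INPUT -s "$SRC" -p tcp --dport 25 -j DROP ;;
        REJECT) iptables -I INPUT -s "$SRC" -p tcp --dport 25 \
                    -j REJECT --reject-with tcp-reset ;;
        *)      echo "usage: apply_rule DROP|REJECT" >&2; return 2 ;;
    esac
}

# Read `iptables-save -c` text on stdin and print the packet counter summed
# over INPUT rules that match source $1 and jump to target $2.
rule_packets() {
    awk -v src="$1/32" -v tgt="$2" '
        /^\[[0-9]+:[0-9]+\] -A INPUT / {
            split(substr($1, 2, length($1) - 2), c, ":")  # c[1]=packets c[2]=bytes
            s = ""; j = ""
            for (i = 2; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (s == src && j == tgt) total += c[1]
        }
        END { print total + 0 }'
}

# Packets per second between two counter readings taken $3 seconds apart.
packet_rate() {
    awk -v a="$1" -v b="$2" -v t="$3" 'BEGIN { printf "%.2f\n", (b - a) / t }'
}

# Constructed snapshots taken 60 seconds apart. The numbers only exercise the
# parser; they say nothing about which target actually reduces traffic.
SNAP_T0='[1200:72000] -A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 25 -j DROP
[300:18000] -A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset'
SNAP_T1='[1650:99000] -A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 25 -j DROP
[720:43200] -A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset'
```

On a live host, feed `iptables-save -c` into `rule_packets` at two points in time and pass both readings to `packet_rate`; comparing the rate before and after switching the target shows whether the sender's behaviour changed.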



