Date: Wed, 13 Feb 2013 10:44:23 -0600 From: khatfield@socllc.net To: "Matthew X. Economou" <xenophon@irtnog.org> Cc: "freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: FreeBSD DDoS protection Message-ID: <2107458022.140210.1360773865635@d94655abdbc041fe9f54c404b6b4e89c.nuevasync.com> In-Reply-To: <BABF8C57A778F04791343E5601659908236D58@cinip100ntsbs.irtnog.net> References: <SNT002-W152BF18F12BD59F112A1CBAE5040@phx.gbl> <321927899.767139.1360461430134@89b1b4b66ec741cb85480c78b68b8dce.nuevasync.com> <BABF8C57A778F04791343E5601659908236D58@cinip100ntsbs.irtnog.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Please read the rest of the thread before criticizing. On Feb 13, 2013, at 9:58 AM, "Matthew X. Economou" <xenophon@irtnog.org> wr= ote: > khatfield@s... Writes: >>=20 >> The less you do with the firewall (routing/blocking/inspecting) the >> better. >>=20 >> Drop drop drop ;) >=20 > I think this is really bad advice. A firewall should return > destination-unreachable/reset packets for administratively prohibited > traffic types. Drops, null routes, etc. should only be used in case of > emergency like ongoing DoS attacks or for special cases like stealth > firewalls.=20 >=20 > --=20 > I FIGHT FOR THE USERS >=20 > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2107458022.140210.1360773865635>