From: patl@Phoenix.Volant.ORG
Date: Mon, 28 May 2001 00:55:45 -0700 (PDT)
Subject: ipfw: reset -vs- unreach port
To: freebsd-security@freebsd.org

There are a few 'nuisance' TCP services that are normally blocked by
firewalls (e.g., auth [113] and netbios-ns [137]). In the interest of
reducing the delays which would be imposed by simply dropping those
packets, is it better to use 'reset' (send an RST), 'unreach port'
(send a Port Unreachable ICMP message), or 'unreach filter-prohib'
(send a Filter Prohibition ICMP message)? Or is there another even
better option?

Thanks,
-Pat