Firewall reject and not a drop is used for WAN

I have just installed NethSecurity 8 on my Proxmox to test it.

I have a question about the firewall. In Zones and policies, a reject and not a drop was used for WAN. Is there a special reason for this?

Ktwo

1 Like

It is good practice to reject, because an attacker knows that the traffic is rejected.
With drop, the attacker could retry until a service becomes available.

And welcome!

I just read about this in an email the other day. What do you think about it so far? I plan on trying it out.

Hi @sarz4fun

With reject, you already confirm “something” worth protecting is here!

With drop, it could be an IP not used, defective hardware on the way, many other reasons.
A reject is a confirmation…

There is also traffic fingerprinting (also called TCP/IP fingerprinting), finding out what OS sent that deny packet.
The first step of a successful attack is knowing your target…

This is an age old discussion, in the end it’s a bit like denying spam - or reporting spam…

My 2 cents
Andy

2 Likes
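To make the difference between the two WAN policies concrete from the prober's side, here is a small added example (not part of the thread, and not NethSecurity code). It classifies what a TCP connect attempt reveals: a rejected connection comes back immediately (RST, or an ICMP unreachable which Linux surfaces as ECONNREFUSED or EHOSTUNREACH), whereas a dropped one only ever times out and is indistinguishable from a dead host or an unrouted address. The demo runs entirely on loopback: it constructs a listening socket and a freshly released port, so the "drop" case cannot be produced locally and is only described in the classifier. Host names and ports are placeholders.

```python
import errno
import socket


def classify_probe(exc):
    """Map the outcome of a TCP connect() to what it tells the prober.

    Returns one of: "open", "rejected", "filtered", "error".
    """
    if exc is None:
        return "open"                     # SYN/ACK: a service answered
    if isinstance(exc, ConnectionRefusedError):
        # RST, or ICMP port-unreachable: a live stack answered at once.
        # This is what a 'reject' zone policy hands the attacker.
        return "rejected"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        # Linux maps ICMP admin-prohibited / host-unreachable to these errnos
        # (assumption: behaviour of the Linux kernel's icmp_err_convert table).
        # Still an immediate answer, so still "rejected" from the attacker's view.
        return "rejected"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # No reply at all: a 'drop' policy, a powered-off host, or an unused
        # address all look exactly like this to the prober.
        return "filtered"
    return "error"


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify_probe(None)
    except OSError as exc:
        return classify_probe(exc)


def what_the_attacker_learns(result):
    """One-line interpretation of a probe result, matching the thread's point."""
    return {
        "open": "a service is listening here",
        "rejected": "a host is up and a firewall/stack is answering; worth a closer look",
        "filtered": "nothing confirmed: dead host, unrouted address, or a drop policy",
        "error": "local failure, probe again",
    }[result]


def local_demo():
    """Constructed, offline demonstration on 127.0.0.1.

    Opens a listener (the "open" case) and releases a second port so the
    kernel answers it with RST (the "rejected" case). No drop case is
    possible on loopback, so it is not produced here.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                           # nobody listens here any more

    try:
        return {
            "listening": probe("127.0.0.1", open_port),
            "closed": probe("127.0.0.1", closed_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for label, result in local_demo().items():
        print(f"{label:>9}: {result:<9} -> {what_the_attacker_learns(result)}")
```

Run it against a WAN address that is behind a drop policy and every port reports "filtered" after the full timeout; behind a reject policy the same scan finishes in milliseconds and every port reports "rejected", which is the confirmation Andy refers to. In nftables terms the two policies are `drop` versus `reject with tcp reset` or `reject with icmpx type admin-prohibited`; the probe above cannot tell the two reject flavours apart, but a packet-level fingerprinting tool can, since the RST and the ICMP error carry OS-specific fields.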