Rodolfo said:
Creates a route *from your host* and *to that host* which is immediately rejected, and whose packets get dropped. The point here is that packets may get to your machine, but they won't be able to get back because your server will route them to Hades. Note that this provides "asymmetric" protection, since packets do get to your machine and the cracker *can* crack your machine. Packets won't get back out to him, but if he's good enough to type in commands blind he can still cause damage.
Is this true? Surely if packets don't return from the destination there'll be no way of knowing that the socket is open and the client will time out and terminate the connection.
He can also DoS you... again, packets come in but don't go out. Not the best way.
True, but flooding your bandwidth will effectively DoS you whether you're using ipchains or not.
I'm not denying that ipchains is better, I'm just trying to establish exactly what is going on.
Simes.
--
Simon Brown <simes@xxxxxxxxx> - http://www.amdev.demon.co.uk/
Mysterious outbreak of flange wort sweeps Germany. "I knew this would happen the minute that Karen Fancy-Smythe arrived." says Danny John-Jules, a local businessman.