Since the last post was on unusual TCP connection tear-down, it is also important to understand the different actions a typical firewall can take:

Drop -> The packet is dropped and the sender is never informed.

Reset -> A RST is sent to the sender to let them know that the port is not open.

Reject -> Reject is rather interesting: it is almost a TCP reset, but it also sends an ICMP prohibited message saying that the port might be open but you’re not allowed to talk to it.
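To make the three actions concrete from the client's (or a packet capture's) point of view, here is an added example, not from the original post: it parses a constructed raw IPv4 reply to a SYN and maps it to DROP (no reply), RESET (TCP RST) or REJECT (ICMP destination-unreachable with an administratively-prohibited code). The sample packets, ports and RFC 5737 addresses are constructed for illustration.

```python
"""Classify a firewall's reply to a TCP SYN as drop, reset or reject.

Constructed example packets, not real captures. Parses a raw IPv4 datagram
(no link-layer header) and inspects the transport payload."""
import struct
from typing import Optional

PROTO_ICMP, PROTO_TCP = 1, 6
TCP_RST, TCP_ACK = 0x04, 0x10
ICMP_DEST_UNREACH = 3
# ICMP destination-unreachable codes that signal an administrative filter.
ICMP_ADMIN_PROHIBITED = {9: "network", 10: "host", 13: "communication"}


def ipv4_header(proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; constructed addresses, checksum left zero."""
    src, dst = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0, src, dst)


def classify_response(datagram: Optional[bytes]) -> str:
    """Map the reply (or lack of one) to the firewall action described in the post."""
    if datagram is None:
        return "DROP"                      # nothing came back before the timeout
    ihl = (datagram[0] & 0x0F) * 4         # IP header length in bytes
    proto = datagram[9]
    payload = datagram[ihl:]
    if proto == PROTO_TCP:
        flags = payload[13]                # TCP flags byte (offset 13 of the TCP header)
        if flags & TCP_RST:
            return "RESET"
        return "OTHER: TCP flags 0x%02x" % flags
    if proto == PROTO_ICMP:
        icmp_type, code = payload[0], payload[1]
        if icmp_type == ICMP_DEST_UNREACH and code in ICMP_ADMIN_PROHIBITED:
            return f"REJECT ({ICMP_ADMIN_PROHIBITED[code]} administratively prohibited)"
        return f"OTHER: ICMP type {icmp_type} code {code}"
    return f"OTHER: IP protocol {proto}"


def tcp_rst_reply() -> bytes:
    """Constructed RST/ACK segment from port 443 back to an ephemeral client port."""
    tcp = struct.pack("!HHIIBBHHH", 443, 51000, 0, 1, 5 << 4, TCP_RST | TCP_ACK, 0, 0, 0)
    return ipv4_header(PROTO_TCP, len(tcp)) + tcp


def icmp_prohibited_reply(code: int = 13) -> bytes:
    """Constructed ICMP destination-unreachable quoting the original SYN's IP header + 8 bytes."""
    quoted = ipv4_header(PROTO_TCP, 20) + struct.pack("!HHI", 51000, 443, 0)
    icmp = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    return ipv4_header(PROTO_ICMP, len(icmp)) + icmp


if __name__ == "__main__":
    for name, reply in (("timeout", None), ("rst", tcp_rst_reply()), ("icmp", icmp_prohibited_reply())):
        print(f"{name:8s} -> {classify_response(reply)}")
```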

So if you’re tasked to configure a mode (any of the above), what will you choose for tearing down a connection?

It depends on the requirement, but I’d rather go with drop since “If I want to tear down the connection anyway, why send a message saying that I tore it down?” Doesn’t it add additional processing on the box, which is doing other, rather more important IO?
