Connection to WAN rejected instead of dropped.
Hi. I say at the outset that I don't deal with networks professionally (yet).
Can someone explain to me why by default this router rejects connections on ports instead of dropping them? I've always been told that it's better practice to quietly terminate connections rather than shouting to the client: YES I am at this IP address but no, you will not get a connection on this port.
In the settings I didn't find, option to change it.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
in an ideal network world, you should always comply with the TCP handshake protocol. you follow the rules and this is how networking works.
well, there are people with ill intentions, they try to scan you first and find your weakness and attack you from that.
This is not considered in the first place when people create TCP and UDP. The intention for creating the network is to emulate the real world communication.
Tcp is stable but this requires you to acknowledge him before he starts talking. this is inevitable for you to answer him first.
So, you have to answer this with a "YES" or "NO"
Later on, people find this could become a loophole for people who want to attack them. So, with the invention of the firewall, you have protection now. The router will block illegitimate connections/requests by simply dropping them. Ignore their requests. You don't have to answer them now.
Are you looking for dropping them? What kind of config do you have? default settings should be totally fine. don't see this issue popping up on forum now. Stealth scan was a problem before and it was fixed with the firmware update.
- Copy Link
- Report Inappropriate Content
@Aviti DROP policy is very user unfriendly. it let's thing forever until timeout.
- Copy Link
- Report Inappropriate Content
@crrodriguez So with the default settings and the public IP address on the WAN port everything is well secured?
- Copy Link
- Report Inappropriate Content
@Aviti Most of the time, yeah. a drop policy is probably only needed when faced with a DoS attack.. (if you are there, you are in big trouble anyway and just DROping things wont help)
- Copy Link
- Report Inappropriate Content
in an ideal network world, you should always comply with the TCP handshake protocol. you follow the rules and this is how networking works.
well, there are people with ill intentions, they try to scan you first and find your weakness and attack you from that.
This is not considered in the first place when people create TCP and UDP. The intention for creating the network is to emulate the real world communication.
Tcp is stable but this requires you to acknowledge him before he starts talking. this is inevitable for you to answer him first.
So, you have to answer this with a "YES" or "NO"
Later on, people find this could become a loophole for people who want to attack them. So, with the invention of the firewall, you have protection now. The router will block illegitimate connections/requests by simply dropping them. Ignore their requests. You don't have to answer them now.
Are you looking for dropping them? What kind of config do you have? default settings should be totally fine. don't see this issue popping up on forum now. Stealth scan was a problem before and it was fixed with the firmware update.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 663
Replies: 4
Voters 0
No one has voted for it yet.