[Fedora] Re: iptables: drop or reject?

Neil Cherry ncherry at linuxha.com
Thu Oct 25 22:27:11 UTC 2007


Ashley M. Kirchner wrote:
> Manuel Arostegui Ramirez wrote:
>> In this case, I would choose to drop packets since they're not going 
>> to stop, it's better not to increase the packets on your interface.
>>   

---- snip 8<----

>    This all started because a few days ago I started getting 3 servers 
> that are in the Hurricane Electric network sending a ton of spam e-mails 
> to invalid user names on my network.  Ever since I started dropping 
> their packets, the flow of activity from those 3 machines increased 
> dramatically.  What used to be just a few packets every minute has now 
> gone to some 5 to 10 packets being dropped every second.

Use Wireshark (it's Ethereal's replacement) and see if you're sending
some kind of IP packet in response. If you're really dropping the
packet nothing goes back and the remote site won't be wasting time
sending you junk. If you're responding back in some form then you'll
be buried unless it's a DOS. Then the end program is going to continue
to send blind and not care or follow any of the 'rules'.

I'm betting you're responding with a reset or something. Maybe it
would be a good idea to show us your rules (you can make up
the IPs but keep them consistent).

-- 
Linux Home Automation         Neil Cherry       ncherry at linuxha.com
http://www.linuxha.com/                         Main site
http://linuxha.blogspot.com/                    My HA Blog
Author of:    	Linux Smart Homes For Dummies
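
An added example, not part of the original message: one way to run the check suggested above on a text capture rather than in the Wireshark GUI. It assumes `tcpdump -n` style output saved on the mail server; the sample lines, the addresses (documentation ranges) and the function name `replies_to_blocked` are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -n` output. 198.51.100.5 stands in for the
# local mail server, 192.0.2.x for the blocked senders.
SAMPLE = """\
22:27:11.000001 IP 192.0.2.10.41234 > 198.51.100.5.25: Flags [S], seq 1000, win 5840, length 0
22:27:11.000090 IP 198.51.100.5.25 > 192.0.2.10.41234: Flags [R.], seq 0, ack 1001, win 0, length 0
22:27:12.000001 IP 192.0.2.11.50000 > 198.51.100.5.25: Flags [S], seq 2000, win 5840, length 0
22:27:12.000080 IP 198.51.100.5 > 192.0.2.11: ICMP 198.51.100.5 tcp port 25 unreachable, length 68
22:27:13.000001 IP 192.0.2.12.50001 > 198.51.100.5.25: Flags [S], seq 3000, win 5840, length 0
22:27:16.000001 IP 192.0.2.12.50001 > 198.51.100.5.25: Flags [S], seq 3000, win 5840, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
FLAGS = re.compile(r"Flags \[([^\]]*)\]")


def _host(endpoint, has_port):
    # TCP/UDP endpoints print as a.b.c.d.port; ICMP endpoints have no port.
    return endpoint.rsplit(".", 1)[0] if has_port else endpoint


def replies_to_blocked(capture, local_ip, blocked):
    """Map each blocked IP to the kinds of packets local_ip sent back to it.

    An empty list means nothing went back, which is what a DROP rule gives.
    "icmp-unreachable" matches iptables REJECT with its default reply,
    "tcp-reset" matches REJECT --reject-with tcp-reset or a closed port.
    """
    result = {ip: [] for ip in blocked}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, rest = m.groups()
        is_icmp = rest.startswith("ICMP")
        s, d = _host(src, not is_icmp), _host(dst, not is_icmp)
        if s != local_ip or d not in result:
            continue  # only packets we sent to a blocked host matter
        flags = FLAGS.match(rest)
        if is_icmp and "unreachable" in rest:
            result[d].append("icmp-unreachable")
        elif flags and "R" in flags.group(1):
            result[d].append("tcp-reset")
        else:
            result[d].append("other")
    return result


if __name__ == "__main__":
    hosts = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for ip, kinds in replies_to_blocked(SAMPLE, "198.51.100.5", hosts).items():
        print(ip, kinds or "silent (consistent with DROP)")
```
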



