FUNDAMENTALS OF COMPUTER

COMPUTER THREATS SECURITY

WHAT IS A FIREWALL IN NETWORK SECURITY

Question
What is the difference between “DROP” and “REJECT” in iptables?
A
DROP: iptables drops the packet. REJECT: iptables “rejects” the packet with a response.
B
DROP and REJECT both do the same task.
C
DROP: iptables drops the packet with a response. REJECT: iptables “rejects” the packet without a response.
D
None of the above
Explanation: 

Detailed explanation-1: The REJECT rule immediately rejected the ICMP echo requests with a Destination Port Unreachable error. On the other hand, for DROP, the ICMP echo request timed out after a while. While using TCP, we got an immediate Connection refused error in the case of REJECT.

Detailed explanation-2: Difference between DROP and REJECT: when we use the DROP target, iptables does not forward the packet or answer it. It simply drops the packet silently, and no indication is sent to the client or server. The REJECT target, by contrast, sends an error message back to the source indicating a connection failure.

Detailed explanation-3: As a general rule, use REJECT when you want the other end to know the port is unreachable; use DROP for connections to hosts you don’t want people to see. Usually, all rules for connections inside your LAN should use REJECT.

Detailed explanation-4: REJECT triggers a response (ICMP by default), while DROP simply ignores the packet without the need for further processing.

Detailed explanation-5: In summary, use REJECT to disallow trusted hosts by gracefully informing them that the traffic is not allowed to pass, and use DROP in an attempt to cause delays and disruption to a not-so-persistent attacker by sending their packets into a black hole without any response for them to analyse.
