COMPUTER NETWORKING

NETWORK SECURITY

FIREWALLS

Question
What is the difference between “DROP” and “REJECT” in iptables?
A
DROP: iptables drops the packet. REJECT: iptables “rejects” the packet with a response.
B
DROP and REJECT both do the same task.
C
DROP: iptables drops the packet with a response. REJECT: iptables “rejects” the packet without a response.
D
None of the above
Explanation: 

Detailed explanation-1: The REJECT rule immediately rejected the ICMP echo requests with a Destination Port Unreachable error. On the other hand, for DROP, the ICMP echo request timed out after a while. While using TCP, we got an immediate Connection refused error in the case of REJECT.

Detailed explanation-2: Difference between DROP and REJECT: when we use DROP, iptables does not forward the packet or answer it. It simply drops the packet silently, and no indication is sent to the client or server. REJECT, by contrast, sends an error message back to the source indicating a connection failure.

Detailed explanation-3: REJECT: you disable all incoming packets except those that you have allowed in specific rules, and the source machine is informed about the rejection. DROP: you disable all incoming packets except those that you have allowed in specific rules, and no information is sent to the source machine.

Detailed explanation-4: The difference is that the REJECT target sends a reject response to the source, while the DROP target sends nothing. This can be useful, e.g., for the ident service. If you use REJECT, then the clients don’t need to wait for a timeout.

Detailed explanation-5: With REJECT, you do your scan and categorise the results into “connection established” and “connection rejected”. With DROP, you categorise the results into “connection established” and “connection timed out”.
