24 May
2017
24 May
'17
3:54 p.m.
It still doesn't improve your security at all. It will just impair
proper networking and prevent debugging.
But it's your system, your the boss :-)
On 24.05.2017 22:26, lleachii--- via 44Net wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Marius,
Not delusional at all, in my security instance, if I were to have
IPENCAP closed, I wouldn't configure my device to send ICMP
Unreachable messages for it. The perceived gain is that my router
doesn't use CPU resources to process a packet I don't want. This is a
common configuration of a Firewall that Drops by default - I'm not
"forcing" my firewall to do it. It takes additional configuration to
accept-then-reject. The drop by default is helpful in scenarios like a
DDoS attack at the border attempting to use you for an amplification
attack.