>> What about using REJECT instead of DENY?  That way the browser should
>> immediately be told that the destination (in this case
>> ad.doubleclick.net)
>> could not be reached.
> 
> I believe DENY would cause the browser to time out, but not right away.  I
> only use DENY for spam hosts/nets so that the spammer wastes more time.
> 
> --

There is an additional difference. If someone runs a port scan against a
machine, anything that is denied will get no response. It will be as if there
is nothing there. If you are rejecting traffic, they will be able to tell that
there is something there that they are not allowed to access. They can simply
adjust their activity from a different location to see if they can gain access
to the rejected service.


----------------------------------
E-Mail: George Bonser <[EMAIL PROTECTED]>
Date: 02-Sep-99
Time: 22:50:57

This message was sent by XFMail
----------------------------------

Reply via email to