>> What about using REJECT instead of DENY? That way the browser should >> immediately be told that the destination (in this case >> ad.doubleclick.net) >> could not be reached. > > I believe DENY would cause the browser to time out, but not right away. I > only use DENY for spam hosts/nets so that the spammer wastes more time. > > --
There is an additional difference. If someone runs a port scan against a machine, anything that is denied will get no response. It will be as if there is nothing there. If you are rejecting traffic, they will be able to tell that there is something there that they are not allowed to access. They can simply adjust their activity from a different location to see if they can gain access to the rejected service. ---------------------------------- E-Mail: George Bonser <[EMAIL PROTECTED]> Date: 02-Sep-99 Time: 22:50:57 This message was sent by XFMail ----------------------------------