On 30/03/11 19:38, Thomas Bächler wrote:
> You cannot "hide" yourself on the internet. If you were offline, the
> next router would reply that your machine is unreachable. By not
> answering, you not only tell the "attacker" that you are online, you
> also tell him that you don't know shit about networking.
> Google it.
Thank you for clearing that up :-) I always believed that by remaining
stealthy, my machine was hidden on the internet from prying eyes. I was
so mistaken! :-[
> -A INPUT -j REJECT --reject-with icmp-proto-unreachable
> This properly rejects packets to your IP that are neither ICMP nor TCP
> nor UDP.
Sorry, I confused packets with protocols. It basically tells them that no
HTTP, POP3, FTP or IMAP service is running on my machine and politely
closes the connection instead of silently dropping it, right?
> And how does that harm you? It is rejected, and the sender now knows
> that he is sending to the wrong destination (instead of continuously
> retrying, which he probably would if you DROPped it).
It seems you were right. With my previous iptables configuration, I was
getting thousands of unwanted packets from the same sources multiple times.
After using your configuration, there is a very sharp decrease in
unwanted packets.
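To make the REJECT-instead-of-DROP point concrete, here is an added example ruleset, not taken from either poster: a complete INPUT chain in iptables-restore format that answers every unwanted packet with the reply the sender's stack understands (a TCP RST for closed TCP ports, ICMP port-unreachable for UDP, and the icmp-proto-unreachable catch-all quoted above for everything else), so the remote side gives up instead of retransmitting. The open SSH port, the interface names and the helper names (reject_type, gen_rules) are assumptions for illustration; adjust the ACCEPT lines to the services you actually run.

```shell
#!/bin/sh
# Added example, not the thread's own configuration: reject rather than drop.
# Output is in iptables-restore format so it can be reviewed before loading.

# reject_type PROTO: the rejection that tells the sender "nothing listening here"
# in the way its own stack expects, so it stops immediately instead of retrying.
reject_type() {
    case "$1" in
        tcp) echo "tcp-reset" ;;              # TCP RST: port closed
        udp) echo "icmp-port-unreachable" ;;  # ICMP type 3, code 3
        *)   echo "icmp-proto-unreachable" ;; # ICMP type 3, code 2 (the quoted rule)
    esac
}

# gen_rules: print the whole filter table. Only SSH (tcp/22) is opened here;
# that choice is hypothetical and stands in for whatever you really serve.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with $(reject_type tcp)
-A INPUT -p udp -j REJECT --reject-with $(reject_type udp)
-A INPUT -j REJECT --reject-with $(reject_type other)
COMMIT
EOF
}

# Default action prints the rules; "apply" loads them (requires root).
case "${1:-print}" in
    apply) gen_rules | iptables-restore ;;
    print) gen_rules ;;
esac
```

Run it with no arguments to inspect the generated table, then `sh rules.sh apply` as root to load it. Note that the INVALID state is still DROPped: there is no sensible reply to a packet that belongs to no connection, and answering it would only generate noise. Everything else that reaches the end of the chain gets an explicit rejection, which is exactly why the flood of repeated packets from the same sources thins out once the senders are told the port or protocol is closed.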