On Thu, Oct 10, 2002 at 11:41:32AM -0300, Leonardo Rodrigues ( listas ) wrote:

> DROP would make nmap (or any other scanner) mark that port as filtered
> too. To make services closed and 'invisible' to scanners, you should use
> '-j REJECT --reject-with tcp-reset'.

Spot on :)

Isn't this one in an FAQ somewhere by now, seeing as no one ever reads the rather good nmap man page?

I haven't checked, but last time I looked the TTL will be different with RSTs sent from iptables rather than those sent because there's no listener on the port. There are ways around this too; depends on how invisible you want to be...

--
FunkyJesus
System Administration Team
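As an added example (not code from the thread), the following shell function generates an iptables-restore ruleset in which unlisted TCP ports answer with a RST rather than being silently dropped, so a scanner reports them as "closed" instead of "filtered"; the port list and the UDP counterpart are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Emits an iptables-restore
# ruleset: listed TCP ports are accepted, every other TCP port is answered
# with a RST (looks "closed" to nmap), and UDP gets the kernel's native
# "closed" answer, ICMP port unreachable. Port numbers are made up.
#
# Usage: closed_ports_ruleset "22 80" > /tmp/rules && iptables-restore < /tmp/rules
closed_ports_ruleset() {
  open_ports="$1"
  echo '*filter'
  # Default policy DROP is only a safety net; the catch-all REJECT rules
  # below are what TCP and UDP probes actually hit.
  echo ':INPUT DROP [0:0]'
  echo ':FORWARD DROP [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for p in $open_ports; do
    echo "-A INPUT -p tcp --dport $p -j ACCEPT"
  done
  # A bare DROP here would make nmap mark the port "filtered"; a tcp-reset
  # REJECT gives the same RST a port with no listener would produce.
  echo '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
  # UDP has no RST; a closed UDP port normally answers with ICMP port unreachable.
  echo '-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable'
  echo 'COMMIT'
}
```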