Hi,

Try -j REJECT --reject-with tcp-reset

This way you'll tell nmap: go away, the port is closed. Normal REJECT will issue an ICMP error message: destination unreachable/port unreachable.

If you use DROP or simple REJECT, nmap will say: filtered.
If you use REJECT --reject-with tcp-reset, it will say: closed.

Note that, if you use any REJECT and not DROP, nmap will get the packets and will try OS fingerprinting on them. Also note that it does not really give a scanner anything. I recommend using DROP and not caring about the nmap results.

NMAP also sends a ping and then a TCP ACK packet with --dport 80, just before it starts scanning. You may want to track down the UNRELATED TCP ACKs with -p tcp and -m state --state NEW together.

Regards,
Maciej Soltysiak
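The three closed-port policies compared in the message above, plus a log rule for ACK packets that conntrack classifies as NEW, written out as an iptables-restore ruleset. This is an added example, not part of the original message; the function names, the open SSH port 22, the chain policies and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for one closed-port policy.
# Assumed for illustration: INPUT filtering only, SSH (22) as the sole open
# service, and the log prefix text.

# closed_port_target MODE -> prints the iptables target for unwanted TCP.
closed_port_target() {
    case "$1" in
        drop)   echo "DROP" ;;                            # silent; nmap: filtered
        reject) echo "REJECT" ;;                          # ICMP port unreachable; nmap: filtered
        reset)  echo "REJECT --reject-with tcp-reset" ;;  # TCP RST; nmap: closed
        *)      return 1 ;;
    esac
}

# build_ruleset MODE -> prints a complete *filter table for iptables-restore.
build_ruleset() {
    target=$(closed_port_target "$1") || {
        echo "usage: build_ruleset drop|reject|reset" >&2
        return 1
    }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# A bare ACK that belongs to no tracked connection (for example the ACK probe
# to port 80 sent before a scan) shows up as NEW when conntrack loose pickup
# is enabled, so it is logged and dropped before any REJECT can answer it.
-A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -m state --state NEW -j LOG --log-prefix "unrelated-ack: "
-A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST ACK -m state --state NEW -j DROP
-A INPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
-A INPUT -p tcp -j $target
COMMIT
EOF
}

# When run with an argument, print the ruleset for that mode.
if [ "$#" -gt 0 ]; then
    build_ruleset "$1"
fi
```

The output can be syntax-checked without loading it by piping it to `iptables-restore --test` as root.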