I'm sure everyone here has seen lots of SYN-packets in their logs, trying to connect to various ports they shouldn't be talking to. I don't run any public servers, and I use passive FTP, so I simply block all connection attempts. The general procedure is to drop the packet, and ignore it.

What would be the effect of sending back a SYN-ACK packet (and anything else necessary?) to fake the setting up of a connection... and then dropping the packet and ignoring it? Would an infected machine scanning the net eventually run into resource limits and DoS itself? I'm sure that professional crackers can work around this, but if we can make things a bit more painful for skiddies and automatic worms, then let's do it.

Can such trickery be pulled off with a current bog-standard iptables, or does someone need to write a new "target"?

--
Walter Dnes <waltdnes@xxxxxxxxxxxx>
An infinite number of monkeys pounding away on keyboards will eventually produce a report showing that Windows is more secure, and has a lower TCO, than Linux.