Ralf's response was to a question regarding the removal of outgoing RST packets that are generated in reply to incoming SYN packets. (These RSTs are the kind that cause the "Connection Refused" TCP message.)
DOOOOH!
In this case, there should be no consequences with SYN flood-type attacks. The only ill-effect, AFAIK, is with abortive disconnects not reaching the remote host (and the remote host will resend obsolete packets a little more times). --A problem enough to deter me from implementing this.
Guess that's what I get for jumping in mid thread. :(
I think I'm at a loss as to why we are trying to do it this way. In other words, if you want to stop a scanner from getting a reply from all of your closed ports, would it not be easier to only let SYN packets in to legitimate services?
Or is this another "we're a .edu stuck in Dante's fourth circle of hell and are not permitted to filter out services". ;-)
C
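The two approaches the thread contrasts, written out as an added example that is not from the thread itself: dropping outgoing RSTs (which also silences the abortive disconnects Ralf worries about) versus a default-deny inbound policy that accepts SYNs only to services you actually run. It assumes Linux iptables, and the interface name and service ports are placeholders; the functions print the commands rather than applying them, so it runs without root.

```shell
#!/bin/sh
# Added example (not code from the thread). Emits iptables commands instead
# of applying them; pipe the output into sh as root to actually load them.
# Assumed placeholders: interface eth0, legitimate services on ports 22 and 80.
IFACE="${IFACE:-eth0}"
SERVICES="${SERVICES:-22 80}"

# Approach asked about in the thread (weak): drop every outgoing RST.
# Scanners no longer see "Connection Refused", but neither does any peer
# you abort a connection with, so they keep retransmitting stale segments.
rules_drop_rst() {
    echo "iptables -A OUTPUT -o $IFACE -p tcp --tcp-flags RST RST -j DROP"
}

# Approach suggested in the reply: default-deny inbound, accept a new SYN
# only when it is aimed at a service you run, let established flows through.
# A SYN to a closed port is simply dropped, so no RST is ever generated,
# while RSTs for connections you did open still leave the host normally.
rules_allow_services() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $SERVICES; do
        echo "iptables -A INPUT -i $IFACE -p tcp --dport $port --syn -m conntrack --ctstate NEW -j ACCEPT"
    done
}

rules_allow_services
```

Set SERVICES to the ports you really listen on; anything not listed is dropped silently, which is the effect the original question was after without the side effect on abortive disconnects.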