>If a module like this existed it would be a great way to violate the
>protocol and cause antisocial behaviour of your tcp stack.

Yes, I agree, but in any case there would be more efficient ways to cause antisocial behaviour. In fact, in the beginning, my idea was to return a RST,ACK for each SYN received on one of my closed ports, in order to make a scan tool believe that they are all open. (Perhaps it is useless, but I found the idea amusing.)

>Anyway such a module is not difficult to write. So it is possible, but
>nor the iptables package and the kernel, nor patch-o-matic
>do not contain such a module.

I saw yesterday that Craig Shelley did provide such a module on the devel-list in June, but I can't recover the tarball he sent as an attachment.