On Tue, May 11, 2004 at 01:16:03PM -0400, Chris Brenton wrote: > Depends. I like rejecting with host-unreachables as it makes it look > like you do not have a firewall. NACK. If I weren't there, the host unreachable would have the source address of the upstream router, and not my own one. To be truly invisible, you'd need to fake the upstream router's IP address, which is (a) not easy to get hold of, (b) most probably not appreciated by your upstream, and (c) some hosts will completely cease communication with you which is not always the intended behavior. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things." Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
