On Sun, Aug 06, 2006 at 11:26:33AM +0200, former03 | Baltasar Cevc wrote:
> If you want the scanner
> to think the ports are closed, you could send back a port
> unreachable packet (-j REJECT --reject-with icmp-port-unreachable)

The scanner will think as well that there is a filter, since a port with
no listening service will generate a TCP RST packet. You can do so with
iptables, but, alas, that's the same behavior you get without a packet
filter and no service on the port.

I'd say, if you don't want a service to be visible, don't run it. No
packet filter needed here.

Port scan protection might have a place should you decide to drop
packets from a certain IP if you have seen a suspicious pattern from
that IP, but that can trivially be abused as a DoS device, and I
generally think it is not worth the trouble.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt  | Fax: *49 621 72739835
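The distinction Marc draws above, written out as an added example (not code from the thread's participants): a port with no listener answers a TCP probe with RST, and a UDP probe with ICMP port unreachable, so a REJECT rule only "looks closed" when it picks the same answer the kernel would give for that protocol; a REJECT with icmp-port-unreachable on a TCP port, or a plain DROP, is what a scanner reports as filtered. The script prints the iptables commands rather than applying them, so they can be reviewed first; the INPUT chain and the port numbers are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list post.
# Prints iptables rules; nothing is applied unless the output is piped to sh.

# Rule that mimics a closed port for the given protocol and port, i.e. the
# answer the kernel gives when no service listens there:
#   TCP -> RST (reject-with tcp-reset, valid for TCP only)
#   UDP -> ICMP port unreachable (reject-with icmp-port-unreachable)
closed_port_rule() {
    proto=$1
    port=$2
    case "$proto" in
        tcp) echo "iptables -A INPUT -p tcp --dport $port -j REJECT --reject-with tcp-reset" ;;
        udp) echo "iptables -A INPUT -p udp --dport $port -j REJECT --reject-with icmp-port-unreachable" ;;
        *)   echo "closed_port_rule: unsupported protocol '$proto'" >&2; return 1 ;;
    esac
}

# Rule that silently drops the probe; a scanner reports such a port as
# filtered, which is exactly what the quoted suggestion wanted to avoid.
filtered_port_rule() {
    echo "iptables -A INPUT -p $1 --dport $2 -j DROP"
}

# Constructed sample ports for illustration (assumed, not from the post).
closed_port_rule tcp 8080
closed_port_rule udp 161
filtered_port_rule tcp 3306
```

Note that the TCP case reproduces what the box would do anyway with no listener on the port, which is Marc's point: the rule buys nothing a stopped service does not already give you.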