[Techtalk] question around port filtering, etc.
awendt at putergeek.com
Thu Aug 23 20:40:21 EST 2001
On August 23, 2001 09:55, coldfire wrote:
> you could just setup a rule that would REJECT tcp packets on port x from
> whatever domain they portscan you from. this would be the 'polite' way to
> show that no service is running on that port (an icmp packet is sent back
> saying there's no service here). you wouldn't want to DROP any of those
> packets because that would be suspicious.
Something I have wondered about iptables/ipchains is why there doesn't seem
to be an easy way to make a port look just like nothing is listening on it.
Hopefully I'm just ignorant and someone will tell me how. :-)
DENY/DROP just forgets about the packet entirely...
REJECT sends back an ICMP error...
Normal behaviour when a port is not open but isn't firewalled either seems to
be sending an RSET back.
More information about the Techtalk