[Techtalk] question around port filtering, etc.

Andrew Wendt awendt at putergeek.com
Thu Aug 23 20:40:21 EST 2001

On August 23, 2001 09:55, coldfire wrote:
> you could just setup a rule that would REJECT tcp packets on port x from
> whatever domain they portscan you from.  this would be the 'polite' way to
> show that no service is running on that port (an icmp packet is sent back
> saying there's no service here).  you wouldn't want to DROP any of those
> packets because that would be suspicious.

Something I have wondered about iptables/ipchains is why there doesn't seem 
to be an easy way to make a port look just like nothing is listening on it.

Hopefully I'm just ignorant and someone will tell me how. :-)

DENY/DROP just forgets about the packet entirely...

REJECT sends back an ICMP error...

Normal behaviour when a port is not open but isn't firewalled either seems to 
be sending an RSET back.


More information about the Techtalk mailing list