-------- Original Message --------
Subject: Re: [suse-security] Block IP in firewall
Date: Fri, 07 Sep 2001 12:58:21 +0300
From: Jussi Jääskeläinen <jussi.jaaskelainen@audioriders.fi>
To: Boris Lorenz <bolo@lupa.de>
References: <XFMail.010907110830.bolo@lupa.de>

Boris Lorenz wrote:
> Jo,
>
> On 06-Sep-01 dog@intop.net wrote:
> > You can use REJECT instead of DENY for the ipchains rule and your machine will not appear to even be online. If you use the DENY rule, they can still tell what ports you have open, but cannot connect to them.
>
> For the record, ipchains REJECT sends out ICMP type 3 (host/port unreachable) messages to the client, telling him to stop sending packets because there is no service on the port the client is hammering on. DENY silently drops the packet and tells the client nothing, so he may keep on scanning and filling your logs.
How about sending "TTL timeout" (or whatever a router sends when the TTL value reaches zero)?
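To make the two replies being compared concrete, here is an added example (not code from the thread or from ipchains) that builds and decodes the ICMP header a REJECT puts on the wire (type 3, destination unreachable) next to the "time exceeded" message a router emits when the TTL reaches zero (type 11). The sample bytes are constructed inline and nothing is sent on the network.

```python
"""Build and decode ICMP headers for REJECT (type 3) and TTL-expired (type 11)."""
import struct

# (type, code) -> description, covering only the messages the thread talks about
ICMP_NAMES = {
    (3, 1): "destination unreachable: host unreachable",
    (3, 3): "destination unreachable: port unreachable",  # the reply REJECT sends back
    (11, 0): "time exceeded: TTL expired in transit",      # what a router sends at TTL 0
}

def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, as ICMP requires."""
    if len(data) % 2:
        data += b"\x00"                      # odd length is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Header: type(1) code(1) checksum(2) unused(4), followed by the payload.
    For type 3 and 11 the payload is the offending IP header plus 8 bytes."""
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)   # checksum field zeroed
    csum = rfc1071_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + payload

def decode_icmp(packet: bytes) -> dict:
    """Parse the header, verify the checksum and name the message type."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _csum, _unused = struct.unpack("!BBHI", packet[:8])
    # Summing the whole message including its checksum field yields 0 when intact.
    checksum_ok = rfc1071_checksum(packet) == 0
    return {"type": icmp_type, "code": code, "checksum_ok": checksum_ok,
            "name": ICMP_NAMES.get((icmp_type, code), "other")}

if __name__ == "__main__":
    # constructed sample: a REJECT reply quoting a 20-byte IP header + 8 bytes
    quoted = b"\x45\x00\x00\x1c" + b"\x00" * 24
    for t, c in ((3, 3), (11, 0)):
        print(decode_icmp(build_icmp(t, c, quoted)))
```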