-------- Original Message --------
Subject: Re: [suse-security] Block IP in firewall
Date: Fri, 07 Sep 2001 12:58:21 +0300
From: Jussi Jääskeläinen
Jo,
On 06-Sep-01 dog@intop.net wrote:
> You can use a REJECT instead of DENY for the ipchains rule and your machine will not appear to even be online. If you use the deny rule, they can still tell what ports you have open, but cannot connect to them.
For the record, ipchains REJECT sends out ICMP type 3 (host/port unreachable) messages to the client, telling him to stop sending packets because there would be no service on the port the client is hammering on. DENY silently drops the packet, telling the client nothing, so he may keep on scanning and filling your logs.
How about sending "TTL timeout" (or whatever routers send when the TTL value reaches zero)?