Mon, 22 Oct 2001 10:23:29 -0700
Read the man page for nmap and you'll see that different scans require
different packets to be sent back. For example, ACK scans require an ICMP
unreachable back in order to assume the port is closed.
Rune Elvemo wrote:
> Currently I have this solution where I have a given file where I have
> listed all the ports I want to filter/block for outsiders.
> Earlier I had heard that -j DROP, was a good solution for making them
> invisible for portscanners, although I did later find out that was wrong.
> I have also tried various forms of -j REJECT --reject-with <>.
> Seems to me that none of them proved to be 100% invisible for nmap.
> (i.e., nmap reported ports open/filtered)
> Others have said that I should block ALL ports. But then icq/dcc sends
> wouldn't work, right?
> So I was wondering if anyone would have some hints here....
> Thank you VERY much!
> Rune Elvemo --- Octagon / Digital Minds
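
Added example, not part of either post: a closed TCP port answers a probe with a RST and a closed UDP port with an ICMP port-unreachable, so this sketch turns a port-list file like the one described above into REJECT rules that send the matching reply per protocol. The function name gen_rules, the "proto port" file format and the sample ports are assumptions; the rules are printed for review, not applied.

```shell
#!/bin/sh
# gen_rules (hypothetical helper): read "proto port" lines on stdin and print
# iptables rules that answer blocked ports the way a closed port would.
# Nothing is applied; pipe the reviewed output to sh as root to load it.
gen_rules() {
    # Keep replies to connections opened from the inside working.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while read -r proto port rest || [ -n "$proto" ]; do
        case "$proto" in
            ''|'#'*) continue ;;                 # blank line or comment
        esac
        case "$port" in
            ''|*[!0-9]*)                         # must be all digits
                echo "skipping bad port: $proto $port" >&2
                continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skipping out-of-range port: $proto $port" >&2
            continue
        fi
        case "$proto" in
            tcp)  # a closed TCP port sends RST
                echo "iptables -A INPUT -p tcp --dport $port -j REJECT --reject-with tcp-reset" ;;
            udp)  # a closed UDP port sends ICMP port-unreachable
                echo "iptables -A INPUT -p udp --dport $port -j REJECT --reject-with icmp-port-unreachable" ;;
            *)
                echo "skipping unknown protocol: $proto" >&2 ;;
        esac
        proto=''
    done
}

# Constructed sample port list (not taken from the post).
gen_rules <<'EOF'
# services that outsiders should not reach
tcp 139
udp 137
tcp 6000
EOF
```

Rules using plain -j DROP send nothing back, which is why a scanner reports those ports as filtered instead of closed.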