invisible filter...
Aoclarit
aoclarit@kiwi.dhs.org
Mon, 22 Oct 2001 10:23:29 -0700
Read the man page for nmap and you'll see that different scans require
different packets to be sent back. For example, ACK scans require an ICMP
unreachable back in order to assume the port is closed.
Rune Elvemo wrote:
> Currently I have this solution where I have a given file where I have
> listed all the ports I want to filter/block for outsiders.
>
> Earlier I had heard that -j DROP was a good solution for making them
> invisible for portscanners, although I did later find out that was wrong.
>
> I have also tried various forms of -j REJECT --reject-with <>.
>
> Seems to me that none of them proved to be 100% invisible for nmap.
> (i.e., nmap reported ports open/filtered)
>
> Others have said that I should block ALL ports. But then icq/dcc sends
> wouldn't work, right?
>
> So I was wondering if anyone would have some hints here....
>
> Thank you VERY much!
>
> ---
> Rune Elvemo --- Octagon / Digital Minds
> relvemo@grm.hia.no
> http://home.c2i.net/elvemo
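
An added example, not part of the original messages: a sketch that turns a port list like the one Rune describes into REJECT rules that answer the way an unused port would (a TCP RST for TCP, ICMP port unreachable for UDP) rather than staying silent as DROP does. The `port/proto` line format, the `emit_rules` function name and the sample ports are assumptions; the script only prints the rules and does not apply them.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; nothing is applied.
# Assumed list format: one "port/proto" entry per line, '#' starts a comment.
#
# A host with nothing listening answers a TCP probe with RST and a UDP probe
# with ICMP port unreachable. DROP sends nothing, which nmap reports as
# "filtered", so the rules below send the closed-port answer instead.

# emit_rules [CHAIN] : reads the port list on stdin, prints one rule per entry
emit_rules() {
    chain=${1:-INPUT}
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # strip trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # strip whitespace
        if [ -z "$line" ]; then continue; fi
        port=${line%%/*}
        proto=${line##*/}
        case $port in
            ''|*[!0-9]*|??????*)
                echo "skipped (bad port): $line" >&2; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skipped (port out of range): $line" >&2; continue
        fi
        case $proto in
            tcp) reject=tcp-reset ;;               # what a closed TCP port sends
            udp) reject=icmp-port-unreachable ;;   # what a closed UDP port sends
            *)   echo "skipped (bad protocol): $line" >&2; continue ;;
        esac
        printf 'iptables -A %s -p %s --dport %s -j REJECT --reject-with %s\n' \
            "$chain" "$proto" "$port" "$reject"
    done
    return 0
}

# Constructed sample list (not from the original post)
emit_rules INPUT <<'EOF'
# ports to hide from outsiders
139/tcp
111/udp
6000/tcp   # X11
EOF
```

Listing only the ports to hide leaves the rest of the ruleset untouched, so the rules that allow ICQ/DCC traffic are unaffected.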