[ale] Nmap + filtered ports
Jeff Hubbs
hbbs at comcast.net
Fri Dec 16 17:29:05 EST 2005
I'm confused. My man iptables says "DROP means to drop the packet on
the floor." http://www.gophernet.org/articles/iptables.html has a more
verbose explanation. REJECT actually returns something, doesn't it?
Jason Day wrote:
>
>
> On 12/16/05, *Jeff Hubbs* <hbbs at comcast.net> wrote:
>
>
> >In other words, if I REJECT packets to, say, port 25, then to an
> >attacker running a scan it looks like I don't have a daemon listening on
> >port 25. But if I DROP packets to port 25, then he knows I have some
> >kind of firewall in place, and might think I would make a more
> >interesting target.
> >
> Er, other way around?
>
>
> No, not according to the iptables man page. Chris Ricker summarized
> it really well a few months back:
> http://www.ale.org/archive/ale/ale-2005-05/msg00139.html
> --
> Jason Day jasonday at
> http://jasonday.home.att.net worldnet dot att dot net
>
> "Of course I'm paranoid, everyone is trying to kill me."
> -- Weyoun-6, Star Trek: Deep Space 9
>
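Added example (not part of the original thread): a small Python check an administrator can point at their own host to see how a port answers a TCP connect. It separates a target that sends back a refusal (what a closed port, or a rule such as REJECT --reject-with tcp-reset, produces) from one that stays silent (what DROP produces). The function names and the loopback demo are assumptions made for this illustration.

```python
import socket

# Labels follow Nmap's port-state vocabulary.
OPEN, CLOSED, FILTERED = "open", "closed", "filtered"

def classify(error):
    """Map the outcome of a TCP connect() to a port state.

    error is None on success, otherwise the exception connect() raised.
    """
    if error is None:
        return OPEN        # handshake completed: a daemon is listening
    if isinstance(error, ConnectionRefusedError):
        return CLOSED      # an explicit refusal came back (RST)
    if isinstance(error, (socket.timeout, TimeoutError)):
        return FILTERED    # no answer at all, as with a DROP rule
    return FILTERED        # other errors (e.g. host unreachable/prohibited)

def probe(host, port, timeout=1.0):
    """Attempt one TCP connection and report how the port responded."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def loopback_demo():
    """Constructed demo on 127.0.0.1: one listening port, one without."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    # Bound but never listening: the kernel answers connects with RST.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", spare.getsockname()[1]))
    finally:
        spare.close()
        listener.close()

if __name__ == "__main__":
    print(loopback_demo())
```

The silent case cannot be reproduced on loopback without a firewall rule, so the demo exercises only the open and refused paths; run probe() against a port covered by a DROP rule on a host you administer to see the timeout.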