Actually, I believe this is the way this works, as I know if you run an nmap against my firewalls, you get stealth as the answer.

If you do a DROP, then the packet will never make it to your host, thus never making a TCP connection or even an attempted/rejected connection. Because of this, the nmap will not know if there is even anything at that host and port.

If you do a REJECT, then the ICMP will go back to the nmapper, and the port will return unavailable, and if you do a TCP reset, the port will return as open, except that it will probably appear as open but protected (i.e. tcp wrapped or something along that line), as this is the way that tcp_wrappers would do something like this. It would reset the socket of an invalid connecting address.

So, if you do a DROP in your iptables commands, the packet will just appear lost, and no response will ever return to the nmap, making it think that there is nothing valid at that host and port, or in other words, that it is stealthed.
Josh Ballard
oofle.com Firewall Center
http://www.oofle.com/
[EMAIL PROTECTED]
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
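As an added illustration (this is not code from Josh's post, nor from nmap or netfilter), here is a small Python model of what an nmap SYN scan (-sS) reports for a port behind each of the iptables actions discussed above: DROP, REJECT with its default icmp-port-unreachable, and REJECT --reject-with tcp-reset. The classification is nmap's documented one for -sS: SYN/ACK means open, RST means closed, and no reply or an ICMP unreachable error means filtered. The packets are hand-built headers without checksums, and the rule table, port numbers and retry count are assumptions made for the example.

```python
"""Model of what an nmap SYN scan (-sS) sees behind different iptables rule
actions. Everything here is constructed for illustration: minimal hand-built
headers with no checksums, and a toy "firewall" and "scanner", not the real
netfilter or nmap code."""
import struct

# TCP flag bits (RFC 793 layout of the flags field)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# iptables rule actions this model understands (assumed rule table for the
# example: one action per destination port)
DROP = "DROP"
REJECT_ICMP = "REJECT --reject-with icmp-port-unreachable"  # iptables default for REJECT
REJECT_RST = "REJECT --reject-with tcp-reset"
ACCEPT = "ACCEPT"


def tcp_segment(sport, dport, flags, seq=0, ack=0):
    """Build a bare 20-byte TCP header (data offset 5, checksum left zero)."""
    offset_and_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_and_flags, 65535, 0, 0)


def tcp_flags(segment):
    """Extract the flag bits from a TCP header built by tcp_segment()."""
    return struct.unpack("!H", segment[12:14])[0] & 0x01FF


def icmp_unreachable(code, quoted):
    """ICMP type 3 (destination unreachable) quoting the offending datagram,
    which is what REJECT --reject-with icmp-port-unreachable sends back."""
    return struct.pack("!BBHI", 3, code, 0, 0) + quoted


def firewall(action, listening, probe):
    """What the target sends back for one SYN probe under a given rule.
    Returns ("tcp", bytes), ("icmp", bytes) or None when nothing is sent."""
    sport, dport = struct.unpack("!HH", probe[:4])
    if action == DROP:
        return None                                   # packet silently discarded
    if action == REJECT_ICMP:
        return ("icmp", icmp_unreachable(3, probe))   # code 3 = port unreachable
    if action == REJECT_RST:
        return ("tcp", tcp_segment(dport, sport, RST | ACK))
    if action == ACCEPT:
        if listening:
            return ("tcp", tcp_segment(dport, sport, SYN | ACK, seq=1000, ack=1))
        return ("tcp", tcp_segment(dport, sport, RST | ACK))  # kernel RSTs a closed port
    raise ValueError(action)


def syn_scan_state(response):
    """Classify one probe's response the way nmap -sS does:
    SYN/ACK -> open, RST -> closed, ICMP unreachable or no reply -> filtered."""
    if response is None:
        return "filtered"
    proto, data = response
    if proto == "tcp":
        flags = tcp_flags(data)
        if flags & SYN and flags & ACK:
            return "open"
        if flags & RST:
            return "closed"
    elif proto == "icmp":
        icmp_type, code = data[0], data[1]
        if icmp_type == 3 and code in (0, 1, 2, 3, 9, 10, 13):
            return "filtered"
    return "filtered"  # anything else is treated as no useful answer


def scan(rules, listening, retries=2):
    """Probe every port in `rules`; a port that never answers is re-probed
    `retries` times before the scanner gives up, which is why DROP slows a
    scan down. Returns {port: (state, probes_sent)}."""
    results = {}
    for dport, action in sorted(rules.items()):
        probe = tcp_segment(40000, dport, SYN)
        sent, response = 0, None
        for _ in range(1 + retries):
            sent += 1
            response = firewall(action, dport in listening, probe)
            if response is not None:
                break
        results[dport] = (syn_scan_state(response), sent)
    return results


if __name__ == "__main__":
    # Constructed rule set: sshd listening and allowed on 22, nothing listening
    # on 443, and three different ways of refusing the rest.
    rules = {22: ACCEPT, 23: DROP, 25: REJECT_ICMP, 80: REJECT_RST, 443: ACCEPT}
    for port, (state, sent) in scan(rules, listening={22}).items():
        print(f"{port:>5}/tcp  {state:<9} after {sent} probe(s)  [{rules[port]}]")
```

Running it shows the practical difference between the actions: the DROP port only goes to "filtered" after every retransmission has timed out, which is what makes a dropped range slow to scan and is the "stealth" result described above; the ICMP-rejected port is "filtered" after a single probe; and the tcp-reset port comes back "closed" immediately, indistinguishable from an unfirewalled port with nothing listening (port 443 in the rule set).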
