> I find 'return' to be easier to work with. The LAN I am primarily > thinking about is both infested with Windows and accessible via VPN - > and the VPN has some Windows clients. Considering the people on said > LAN, who are both sweet and smart but not in general > computer-savvy, I'd > be highly surprised if an attacker spent much time on the firewall.
Windows... This "stealth" mode you talk of, wasn't it a term coined by the irrefutable GRC in his quest to rub snake oil all over everything so it runs faster? I only ever hear users of the EvilOS talking about "stealthing" their boxes. Not replying may save a little bit of upload bandwitdh which may count if you're heavily scanned and have an asymmetric link with little outgoing bandwidth... but that is about all.