For this matter iptables has the REJECT target. DROP does not send an answer back to the attacker, not wasting more bandwidth with the reply. With REJECT you can specify with what kind of ICMP type to reject the packet.

On Thursday 28 February 2002 02:06 pm, you wrote:
> ##################################
> # POINTS
> ##################################
> Point 1] With IP Filter I have the equivalent of 'DROP' and it shows
> nothing with an nmap scan.
> Point 2] With IP Tables I have DROP and it shows filtered ports with an
> nmap scan.
>
> ##################################
> # NMAP SCAN TYPE USED
> ##################################
> nmap -sS -P0 -p port,numbers IP
>
> ##################################
> # QUESTIONS
> ##################################
> Question 1] I am wondering why IPTables does not do the same?
> Question 2] Is this a bug?
> Question 3] How do I make it so it does not show the filtered ports?
>
> ##################################
> # PROOF
> ##################################
>
> ##################################
> # NETFILTER
> ##################################
> I am using the following command.
> iptables -P INPUT DROP # This should NOT show filtered ports.
>
> ##################################
> # RESULT
> ##################################
> NETFILTER SHOWS FILTERED PORTS:
> bash# nmap -sS -P0 -p 21,22,25,80,113,119,139,3128 an.iptables-version-1.2.4.box.com
>
> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports onan.iptables-version-1.2.4.box.com (x.x.x.x):
> Port       State       Service
> 21/tcp     filtered    ftp
> 22/tcp     filtered    ssh
> 25/tcp     open        smtp
> 80/tcp     filtered    http
> 113/tcp    open        auth
> 119/tcp    filtered    nntp
> 139/tcp    filtered    netbios-ssn
> 3128/tcp   filtered    squid-http
>
> ###################################
> # IPFILTER
> ###################################
>
> ###################################
> # RESULT
> ###################################
> IPFILTER DOES NOT SHOW FILTERED PORTS:
> bash# nmap -sS -P0 -p 7,9,13,19,21,22,23,25,37,79,111,113,139,143,512,513,51,540,665,6000,6112,7100,32771,32772,32773,32774,32775,32776 an.ip.filter.box.com
>
> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on on.an.ipfilter.box.com) (x.x.x.x):
> (The 27 ports scanned but not shown below are in state: filtered)
> Port       State       Service
> 25/tcp     open        smtp
> 113/tcp    open        auth
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 7 seconds
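
Added example, not part of the original messages: a shell function that emits an iptables-restore ruleset using the REJECT target mentioned in the reply, so a SYN probe to an unserved TCP port is answered with an RST (which nmap reports as closed) instead of being silently dropped (reported as filtered). The function names, the default ports 25 and 113 (the open ports in the quoted scan), and the FORWARD/OUTPUT policies are assumptions for a single non-routing host.

```shell
#!/bin/sh
# Added example: generate a ruleset that answers unserved ports with
# REJECT instead of relying on the silent DROP policy alone.

# valid_port PORT -> status 0 if PORT is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*|??????*) return 1 ;;   # empty, non-digit, leading 0, >5 digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rules "PORT PORT ..." -> ruleset on stdout; non-zero status on bad input
emit_rules() {
    for p in $1; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # same default policy as on the page
    echo ':FORWARD DROP [0:0]'    # assumption: host does not route
    echo ':OUTPUT ACCEPT [0:0]'   # assumption: outbound unrestricted
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        # New connections to the services actually offered
        echo "-A INPUT -p tcp --syn --dport $p -j ACCEPT"
    done
    # Everything else gets an explicit answer before the DROP policy applies:
    # TCP is answered with an RST, UDP with ICMP port-unreachable.
    echo '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
    echo '-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable'
    echo 'COMMIT'
}

# Stand-alone run: print the ruleset for the given ports (default: 25 113)
emit_rules "${1:-25 113}"
```

The output can be reviewed and then loaded as root by piping it to iptables-restore. Other protocols still fall through to the DROP policy.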
