On Tue, May 28, 2002 at 09:00:33PM +0200, Axel Christiansen wrote:
> hi,
>
> cause you drop packets. nmap interprets this as filtered. the usual behavior
> would be "icmp port unreachable" which causes nmap to show these ports
> as closed.
>
> try "iptables -P INPUT REJECT"
>
> it is not always good to drop packets. Anyone will know there is most likely
> a packetfilter in play.
Or intermittent connectivity problems ;-)
But, you're right. The decision between DROP and REJECT is a very
tough one. Some two or three weeks ago we were pleading for DROP
for some valid reasons and now it seems that we have good reasons
for REJECT. But, still, I'd prefer the DROP. It's less expensive
and besides who cares that they know
"there is most likely a packetfilter in play".
You don't want to set up a honeypot, do you?
Ramin
> so far my experience.
>
> Axel
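
Added example, not part of the original thread: a small model of the port state a scanner reports for each firewall response discussed above, using the classification rules from nmap's documentation for SYN and UDP scans. The `TARGET_REPLY` table is a constructed subset of iptables targets, and the function names are hypothetical.

```python
# Added example: what a scanner infers from DROP vs. REJECT.
# Classification follows nmap's documented rules for -sS (SYN) and -sU (UDP).

PORT_UNREACHABLE = 3                     # ICMP type 3, code 3
OTHER_UNREACHABLE = {0, 1, 2, 9, 10, 13} # other ICMP type 3 codes nmap checks

# Constructed subset: reply each iptables target sends -> (kind, icmp_code).
TARGET_REPLY = {
    "DROP": ("none", None),
    "REJECT": ("icmp", PORT_UNREACHABLE),  # default is icmp-port-unreachable
    "REJECT --reject-with tcp-reset": ("rst", None),  # valid with -p tcp only
    "REJECT --reject-with icmp-admin-prohibited": ("icmp", 13),
}


def classify(scan, kind, icmp_code=None):
    """Return the state nmap reports for one probe response."""
    if scan == "syn":
        if kind == "synack":
            return "open"
        if kind == "rst":
            return "closed"
        if kind == "none":
            return "filtered"
        if kind == "icmp" and icmp_code in OTHER_UNREACHABLE | {PORT_UNREACHABLE}:
            return "filtered"  # any unreachable error marks a TCP port filtered
    elif scan == "udp":
        if kind == "udp":
            return "open"
        if kind == "none":
            return "open|filtered"  # silence is ambiguous for UDP
        if kind == "icmp" and icmp_code == PORT_UNREACHABLE:
            return "closed"
        if kind == "icmp" and icmp_code in OTHER_UNREACHABLE:
            return "filtered"
    raise ValueError(f"no rule for {scan} scan with reply {kind}/{icmp_code}")


def scanner_view(target, scan):
    """State a scanner reports when the firewall applies `target` to the probe."""
    kind, code = TARGET_REPLY[target]
    return classify(scan, kind, code)


if __name__ == "__main__":
    for target in TARGET_REPLY:
        for scan in ("syn", "udp"):
            if "tcp-reset" in target and scan == "udp":
                continue  # tcp-reset cannot answer a UDP probe
            print(f"{target:45} {scan:4} -> {scanner_view(target, scan)}")
```

In this model a default REJECT makes UDP ports read as closed, while TCP ports only read as closed when the rule answers with a TCP reset.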