ipchains - sorry to flog this horse

Wes Bateman wes@bgcs.org
Fri, 31 Mar 2000 16:52:11 -0700 (MST)


On Fri, 31 Mar 2000 sinck@corp.quepasa.com wrote:

> I've got 23 blocked by REJECT, and nothing is on 415...looks the
> same, remotely.  Whereas DENY will say something else, I think.  Or
> connect briefly, then hose you.  I wanted it to look to certain folks
> that nothing was there.

Deny doesn't say anything.  It will ignore the packet, playing dead, just
like there was no service or even host there.  Reject will send an ICMP
response back to the requesting host.  Reject might be more
"polite," letting someone know that the connection was refused.  I prefer
DENY though, because they can't even tell you're there...it'll just try
forever or time out.  I don't know beyond stating that the connection was
refused, and thus stating that "yes, this host is alive" if one could
examine the ICMP reply in greater detail and try to determine the OS or
other info that generated that packet.  If it is possible, you'd have to
employ some method other than just telnet to disect it.

I think the above is all correct.  I must have read that stuff
somewhere...or maybe I dreamt it?  Hard to tell sometimes :)

Wes
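The "dissect the ICMP reply" idea from the message above, worked through as an added example (it is not code from the thread or from ipchains). It assumes the two rules being compared are `ipchains -A input -p tcp -d 0.0.0.0/0 23 -j DENY` and the same rule with `-j REJECT`; ipchains REJECT answers with an ICMP destination unreachable, port unreachable (type 3, code 3), which quotes the original IP header plus the first 8 bytes of the probe. The addresses and the packet below are constructed, not captured. The parser pulls out what that reply gives away: the firewall's address and outer TTL/IP ID (the kind of fields OS fingerprinting looks at) and, from the quoted header, which port the probe hit.

```python
"""Dissect the ICMP reply an ipchains REJECT rule sends back.

Added example, not from the original thread.  Assumed rules under test:
  ipchains -A input -p tcp -d 0.0.0.0/0 23 -j DENY     # silent drop
  ipchains -A input -p tcp -d 0.0.0.0/0 23 -j REJECT   # ICMP port unreachable
Addresses and the sample packet are constructed, not captured.
"""
import socket
import struct
from typing import Optional

PROBER = "198.51.100.7"   # constructed: the scanning host
FIREWALL = "192.0.2.10"   # constructed: the host running ipchains


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                ttl: int, ident: int) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      0x4000, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_reject_reply(probe_sport: int = 40000, probe_dport: int = 23) -> bytes:
    """Constructed ICMP type 3 / code 3, as REJECT would answer a TCP SYN
    from PROBER to FIREWALL:probe_dport.  The quoted datagram carries the
    probe's full IP header and the first 8 bytes of its TCP header."""
    tcp_head = struct.pack("!HHI", probe_sport, probe_dport, 1)  # ports + seq
    inner = ipv4_header(PROBER, FIREWALL, 6, 20, ttl=51, ident=0xABCD) + tcp_head
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + inner
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ipv4_header(FIREWALL, PROBER, 1, len(icmp), ttl=64, ident=0x1234) + icmp


def dissect_icmp_reply(pkt: bytes) -> dict:
    """Parse IPv4 + ICMP destination unreachable.  Returns the sender's
    address, outer TTL and IP ID (fingerprinting hints), the ICMP type/code,
    and the quoted original header (which probe triggered the reply)."""
    ver_ihl, _, total_len, ident, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 1:
        raise ValueError("not an IPv4 ICMP packet")
    icmp = pkt[(ver_ihl & 0x0F) * 4:total_len]
    if inet_checksum(icmp) != 0:          # valid packet sums to zero
        raise ValueError("bad ICMP checksum")
    itype, code = icmp[0], icmp[1]
    info = {"from": socket.inet_ntoa(src), "to": socket.inet_ntoa(dst),
            "ttl": ttl, "ip_id": ident, "type": itype, "code": code}
    if itype == 3:                        # destination unreachable quotes the probe
        q = icmp[8:]
        q_ihl = (q[0] & 0x0F) * 4
        info["quoted"] = {"src": socket.inet_ntoa(q[12:16]),
                          "dst": socket.inet_ntoa(q[16:20]), "proto": q[9]}
        if q[9] in (6, 17) and len(q) >= q_ihl + 4:   # TCP/UDP ports in first 8 bytes
            sport, dport = struct.unpack("!HH", q[q_ihl:q_ihl + 4])
            info["quoted"].update({"sport": sport, "dport": dport})
    return info


def interpret(reply: Optional[bytes]) -> str:
    """What a prober learns from the firewall's answer, or from its silence."""
    if reply is None:
        return "no reply: DENY-style silent drop, indistinguishable from a dead host"
    d = dissect_icmp_reply(reply)
    if d["type"] == 3 and d["code"] == 3 and "dport" in d.get("quoted", {}):
        q = d["quoted"]
        proto = {6: "tcp", 17: "udp"}.get(q["proto"], str(q["proto"]))
        return "%s is alive: ICMP port unreachable for %d/%s (ttl=%d, id=0x%04x)" % (
            d["from"], q["dport"], proto, d["ttl"], d["ip_id"])
    return "%s is alive: ICMP type %d code %d" % (d["from"], d["type"], d["code"])


if __name__ == "__main__":
    print(interpret(None))                   # the DENY case
    print(interpret(build_reject_reply()))   # the REJECT case
```

The point the parser makes concrete: with DENY the prober gets nothing and cannot tell a firewalled port from an unplugged cable, while with REJECT the ICMP error itself proves a host is answering and hands over a TTL, an IP ID, and a quoted header, all of which fingerprinting tools can feed on. A plain `telnet` only ever shows "Connection refused" versus a hang; a packet capture of the reply is what you'd need to see these fields.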