On Wednesday 14 November 2001 08:08 am, thomas lakofski wrote: > On 14 Nov 2001, Tim Haynes wrote: > > If you want to stop port-scans, use a proper firewall with DENY > > (ipchains) or DROP (iptables) by default. > > how does this stop the scanner from identifying open ports? >
If you actually drop packets instead of rejecting them your port scanner will slow down to a crawl, since it has to wait for timeout on every try.
