* Quoting Phillip Hofmeister ([EMAIL PROTECTED]):
> > As mentioned before, it is a port-scanner. Anyhow, TCP-Reset can turn

Ack.

> an asymmetric DoS attack/flood (one-way) into a symmetric DoS/flood
> because now your host is generating traffic by replying to these
> otherwise useless packets. You could set a limit rule on sending a

A DoS attack is a different scenario than a port scan. In a normal
situation you create more load because of the TCP-retransmission.

> TCP-Reset... I know. I am not one that enjoys people breaking RFCs, but
> in this case it does make *some* sense. If someone is randomly port
> scanning class C's and they hit your IP, get no response from an ICMP
> (1) echo-request (8) and then try a few ports and get no TCP-Resets,
> they are likely to think you are a dead IP[1].

You would get an ICMP host-unreachable from the last router in that case.

- Rolf
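The rate limit on TCP-Resets mentioned in the quoted text, and the difference between a flood and a port scan raised in the reply, shown as an added example that is not part of the original mail. It is a simplified token-bucket model; the rate, burst size and both traffic patterns are constructed assumptions, not the behaviour of any particular firewall.

```python
# Added illustration: token-bucket model of a rate-limited TCP-Reset rule.
# RATE, BURST and both traffic patterns are constructed sample values.

def rst_replies(arrivals, rate_per_s, burst):
    """Count closed-port probes that are answered with a RST.

    arrivals: sorted packet arrival times in seconds.
    A probe arriving while the bucket is empty is dropped silently.
    """
    tokens = float(burst)
    last = None
    sent = 0
    for t in arrivals:
        if last is not None:
            # Refill for the elapsed time, never above the burst size.
            tokens = min(burst, tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            sent += 1
    return sent

def flood(pps, seconds):
    """Constructed one-way flood: pps packets per second to closed ports."""
    return [i / pps for i in range(pps * seconds)]

def slow_scan(ports, interval):
    """Constructed port scan: one probe every `interval` seconds."""
    return [i * interval for i in range(ports)]

RATE, BURST = 5, 10                      # assumed: 5 RST/s, burst of 10
FLOOD = flood(pps=1000, seconds=10)      # 10000 packets
SCAN = slow_scan(ports=20, interval=0.5) # 20 probes

def summary():
    return {
        "flood_in": len(FLOOD),
        "flood_rst_unlimited": len(FLOOD),  # one RST per packet, no limit
        "flood_rst_limited": rst_replies(FLOOD, RATE, BURST),
        "scan_in": len(SCAN),
        "scan_rst_limited": rst_replies(SCAN, RATE, BURST),
    }

if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

With the limit in place the flood draws only a bounded number of replies, while the slow scan still gets a RST for every probe.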