On 03-Sep-99 George Bonser wrote:
> There is an additional difference. If someone runs a port scan against a
> machine, anything that is denied will get no response. It will be as if there
> is nothing there. If you are rejecting traffic, they will be able to tell that
> there is something there that they are not allowed to access. They can simply
> adjust their activity from a different location to see if they can gain access
> to the rejected service.

That explains why PortSentry uses DENY and not REJECT when it blocks a port scan or other activity. :)

-- Andrew