At one time or another I had seen a kernel patch posted which would prevent sending out packets with the RST bit set, changing those packets so the SYN+ACK bits were set, therefore confusing portscanners and similar tools. Now I can't seem to find this patch, anyone have pointers on where to find something to do this, or how to do this with netfilter alone?
Attachment:
pgpuntZ3SejnA.pgp
Description: PGP signature