Re: 'mirror' with iptables
Dmitriy Kropivnitskiy <firstname.lastname@example.org> writes:
> > how does this stop the scanner from identifying open ports?
> If you actually drop packets instead of rejecting them your port scanner
> will slow down to a crawl, since it has to wait for timeout on every try.
Push out loads of packets to many hosts at one port per host, and just sit
back & wait for the responses; they'll tell you if they're listening.
Absolutely *nobody* does multi-port per host sweeps these days - to the
extent that I nmapped myself from ports 20-25 only, this morning, and it
occupied the greater amount of the firewall log for the last 24hrs.
And in the rapture and the charm,      | email@example.com
Came the tranquil and the calm,        | http://spodzone.org.uk/
On the ridge of the mighty Atlantic.   |
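As an added illustration from the firewall operator's side (not part of the thread above), a short script that reads iptables LOG-target lines and tells the two patterns apart: a single-port sweep across many hosts versus a multi-port probe of one host, like the 20-25 self-nmap described in the post. The log lines and addresses are constructed from documentation ranges, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample in the iptables LOG target's kernel-log format;
# addresses are from documentation ranges, not real hosts.
SAMPLE_LOG = """\
Oct  5 10:00:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Oct  5 10:00:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 LEN=40 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Oct  5 10:00:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 LEN=40 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Oct  5 10:05:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51000 DPT=20 SYN URGP=0
Oct  5 10:05:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51001 DPT=21 SYN URGP=0
Oct  5 10:05:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51002 DPT=22 SYN URGP=0
Oct  5 10:05:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51003 DPT=23 SYN URGP=0
Oct  5 10:05:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51004 DPT=24 SYN URGP=0
Oct  5 10:05:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=51005 DPT=25 SYN URGP=0
Oct  5 10:09:00 fw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=33000 DPT=443 SYN URGP=0
"""

# Pull the fields the classification needs out of one LOG line.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*PROTO=TCP .*DPT=(?P<dpt>\d+)")

def parse_log(text):
    """Return (src, dst, dport) tuples for every TCP line that matches."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["src"], m["dst"], int(m["dpt"])))
    return events

def classify_sources(events, host_threshold=3, port_threshold=3):
    """Label each source: 'horizontal' (one port probed on >= host_threshold
    hosts), 'vertical' (>= port_threshold ports on one host), 'both' or 'none'.
    The thresholds are assumptions; tune them to the site's normal traffic."""
    hosts_per_port = defaultdict(lambda: defaultdict(set))
    ports_per_host = defaultdict(lambda: defaultdict(set))
    for src, dst, dpt in events:
        hosts_per_port[src][dpt].add(dst)
        ports_per_host[src][dst].add(dpt)
    labels = {}
    for src in hosts_per_port:
        horiz = any(len(h) >= host_threshold for h in hosts_per_port[src].values())
        vert = any(len(p) >= port_threshold for p in ports_per_host[src].values())
        labels[src] = {(True, True): "both", (True, False): "horizontal",
                       (False, True): "vertical"}.get((horiz, vert), "none")
    return labels

if __name__ == "__main__":
    for src, kind in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{src:15} {kind}")
```

Run on a real `/var/log/kern.log` slice the same way; a source labelled `horizontal` is the one-port-per-host sweep the post says dominates the logs, while `vertical` is the rarer full-port probe of one box.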