> -----Original Message-----
> From: Marc Haber [mailto:mh+exim-users@zugschlus.de]
> For the archive, better let's make it explicitly clear: Rejecting a
> connection attempt does not reveal any more information than dropping
> the connection attempt gives. A "drop" gives an attacker the
> information that something is there. And that it is desperately trying
> to be invisible.

Very true.

If dropping has any benefit, it's that it *greatly* slows down port scans.
But that's a pretty marginal benefit. Unfortunately, a lot of packet
filters don't have the option to reject, or implement it wrong if they do.