I know how the REJECT and DROP chains work. But, as I read here (REJECT vs DROP when using iptables), user Dagelf said that the server still replies with TCP SYN/ACK.

Does the scanner know that a packet is dropped when the firewall is using DROP?
If you reject the packet, you reply to the incoming SYN with an RST packet, so the scanner knows the port is closed (via reject, or because no service is running on that port).

If you drop the packets, the scanner waits, and after some time (timeout) it assumes the packets have been dropped (although they may have been lost in transit, or the machine on the far end could be down, or anything else could have happened that would trigger a no-reply scenario).
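As an added example that is not part of the original answer, here is a small Python connect() scanner showing how the two outcomes above surface on the client side: a refused connection (the RST a REJECT or a closed port sends back) is reported immediately, while a DROP produces only silence, so the scanner can report "filtered" only after its timeout expires. The loopback demo, its port numbers and the state names are constructed for illustration.

```python
import socket
from enum import Enum

class PortState(Enum):
    OPEN = "open"          # handshake completed: the host sent SYN/ACK
    CLOSED = "closed"      # SYN answered with RST (REJECT, or no listener)
    FILTERED = "filtered"  # no answer before the timeout (DROP, loss, host down, ...)
    ERROR = "error"        # some other OS error, e.g. an ICMP host-unreachable

def classify(outcome):
    """Map one connect() outcome (None on success, else the OSError) to a state."""
    if outcome is None:
        return PortState.OPEN
    if isinstance(outcome, ConnectionRefusedError):
        return PortState.CLOSED      # RST came back: host is up, port is closed
    if isinstance(outcome, (socket.timeout, TimeoutError)):
        return PortState.FILTERED    # silence: the scanner can only assume DROP
    return PortState.ERROR

def probe(host, port, timeout=2.0):
    """Attempt a full TCP handshake; return None or the OSError it raised."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except OSError as exc:
        return exc

def scan(host, ports, timeout=2.0):
    """Probe each port in turn; a DROP firewall costs one full timeout per port."""
    return {port: classify(probe(host, port, timeout)) for port in ports}

def demo_loopback():
    """Constructed demo on 127.0.0.1: a listening port (open) and a freshly
    released one (closed). A DROPped port cannot be shown locally; it would
    report FILTERED only after `timeout` seconds of silence."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                    # nothing listens here now: SYN gets RST
    try:
        states = scan("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        listener.close()
    return {"open": states[open_port], "closed": states[closed_port]}
```

Against a host that DROPs, `scan()` returns `FILTERED` for every probed port, but only after waiting the full timeout on each one, which is exactly the delay the answer describes.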