On Thu, Aug 30, 2007 at 05:09:44PM -0400, James Carlson wrote:
> Norm Jacobs writes:
> > 1. It doesn't send out a response to any queries on the network.
>
> Just being open is enough. The fact that it's open is easily
> detectable, because the system won't send back an ICMP Destination
> Unreachable / Port Unreachable when a packet for that port is
> received. Scanners use that feature to find the open and closed
> ports.

Evil thought: since no response will be sent by the prober, could we
have a socket option (SO_CLOAK) that says "send back an ICMP port
unreachable message in response to any datagrams sent to this port"?

But, like I said, that'd be evil :)

Nico
--
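
The behaviour discussed in this message, as an added example that is not part of the original thread: on a Linux host, a UDP listener that never answers can still be told apart from a closed port, because only the closed port makes the kernel send ICMP Port Unreachable, which a connected UDP socket sees as ECONNREFUSED. The function names and result labels are assumptions of this example, and it only touches the loopback interface.

```python
import socket

LOOPBACK = "127.0.0.1"  # the check is deliberately limited to the local host


def probe_local_udp(port, timeout=0.5):
    """Send one datagram to a loopback UDP port and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # connect() on a UDP socket sends nothing; it binds the peer address
        # so the kernel delivers ICMP errors for that peer to this socket.
        s.connect((LOOPBACK, port))
        s.send(b"\x00")
        s.recv(1)
        return "answered"            # a service replied with data
    except ConnectionRefusedError:
        return "port-unreachable"    # ICMP type 3 code 3 came back: closed
    except socket.timeout:
        return "no-icmp-reply"       # nothing came back: a socket is bound
    finally:
        s.close()


def demo():
    """Probe the same port while a silent listener holds it, then after close."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind((LOOPBACK, 0))     # kernel picks a free port
    port = listener.getsockname()[1]
    while_bound = probe_local_udp(port)   # listener never reads or replies
    listener.close()
    after_close = probe_local_udp(port)
    return while_bound, after_close


if __name__ == "__main__":
    print(demo())
```

Off the loopback interface a timeout is ambiguous, since a packet filter dropping the datagram or ICMP rate limiting on the target produces the same silence.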
