Hacker News new | ask | show | jobs
by sespindola 5231 days ago
The risk reduction is negligible if someone is doing a portscan on your host. Connection attempts to non standard ports will eventually occur. The better solution is to use single packet authorization.[1]

1. http://cipherdyne.org/fwknop/
1 comments
Florin_Andrei 5231 days ago
Yeah. It depends on how persistent they are. Using DROP on all closed ports may discourage some attackers. Others may remain undeterred.
link