>In other words, if I REJECT packets to, say, port 25, then to an >attacker running a scan it looks like I don't have a daemon listening on >port 25. But if I DROP packets to port 25, then he knows I have some >kind of firewall in place, and might think I would make a more >interesting target. > Er, other way around?