Your Win2K Srvr sends an ICMP Type= 3 (Destination Unreachable), Code=3 (Port Unreachable) when someone tries to open a TCP connection to a non-existent socket (ip_addr + tcp_port). So remote port scanners know when a port is filtered out or if the service is not running. The best manner to avoid this (and probably stealth), is to play with the packet filters and disabling the ICMP Type=3. The remote port scanning port will have to wait for a timeout at each new port connection and he doesn't know if you filtered out some ports or not. -----Original Message----- From: Matt [mailto:matt@xxxxxxxx] Sent: terça-feira, 31 de julho de 2001 17:45 To: [ISAserver.org Discussion List] Subject: [isalist] more newbee questions http://www.ISAserver.org I am trying to understand port scanning and therefore port blocking. I went to www.grc.com and did his port scan. Although all the ports he tested are closed I would like to make them stealth so that the server does not even respond to them. Can this be done? Do I even need to try? what is the meaning of life the universe and everything? Matt K ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Hugo@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')