Petemcevoy said:
There is a chance that I'm being presumptuous about your intellectual high ground - I'm in a stinkin mood - if I'm wrong - I apologise.
No apology needed, and no, I wasn't being condescending. It was an honest question, I'm honestly curious as to how other people approach the subject.

psi0nic said:
imho it is a *very bad idea* to discount the script kid O's. A real hacker may root your box and have a look around or whatever. Script Kiddies are a lot more likely to rm -rf your box or other general mean things. Besides the world is full of lamers and kiddies, and that is reason enough for me to take their actions/attempts seriously.
Don't get me wrong, I'm not discounting them. Indeed, my firewall rules are set up in a very similar way when it comes to pings, blatant portscans, etc. I agree that they represent a major percentage (probably 80-90%) of all malicious traffic on the web, and that that alone is why you should do what you can to stop them.

The real question I'm asking here is does drop/deny do anything more than reject does?

I mean, to a point I think a script kiddie would see a drop/deny response and think nothing's there, but a real cracker/hacker could tell that there's a PC there based on the response (or lack thereof).

REJECT, on the other hand, will tell you that there's definitely a PC there, but that the port isn't open.

From a strict networking point of view, it's better to simply reject packets than to drop/deny them, but drop/deny will delay a portscan.

It's a fairly trade-offish issue, which is why I'm curious as to what you guys think.