What technique might be used to prevent scanners from waiting for timeouts by altering firewall rules for closed ports?

The concept being tested is how firewall responses to probes affect scan timing. If a firewall for closed ports is configured to actively reject them by sending a TCP RST and an ICMP port unreachable message, a scanning tool receives an immediate, definitive response rather than waiting for a timeout. This makes it possible to quickly determine that those ports are closed, so the scanner doesn’t linger on unanswered probes. In practice, this speeds up the enumeration process and helps distinguish between closed and filtered ports, since the immediate RST/ICMP signals close state rather than letting the probe time out. Stealth scanning or avoiding detection doesn’t directly change timeout behavior, disabling logging doesn’t affect how responses are produced, and increasing scan retries would increase time rather than prevent timeouts.