If I was a bad guy, and I probed a range of addresses, with a bogus connection attempt, I'd expect any one of 4 possible returns from each of the addresses probed.
- "Address unreachable" from the upstream gateway.
- "Connection refused" from the router or firewall.
- Reply from target, from an unstealthed computer or router.
- No response, from a stealthed computer or router.
If I were a true hacker (not a cracker or script kiddie), I think I'd prioritise my hack attempts based upon those results.
- "Address unreachable" = You can't hack what doesn't exist.
- "Connection refused" = Interesting, but there's so many responding that way.
- Reply from target = Boring.
- No response (stealth) = Now we're talking. A true challenge. Thinks he's invisible, eh?
I'd go after #4, then #2 and #3, in that order. Security By Obscurity = No Security.