Date: Mon, 8 Jul 2002 21:37:26 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Klaus Steden <klaus@compt.com>
Cc: twig les <twigles@yahoo.com>, "Dalin S. Owen" <dowen@nexusxi.com>, Laurence Brockman <laurence@fluxinc.com>, security@FreeBSD.ORG
Subject: Re: hiding OS name
Message-ID: <20020708183726.GA363@straylight.oblivion.bg>
In-Reply-To: <20020708141342.G13139@cthulu.compt.com>
References: <20020708111122.A33379@nexusxi.com> <20020708175214.31781.qmail@web10104.mail.yahoo.com> <20020708141342.G13139@cthulu.compt.com>

On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote:
> > Portsentry may help (/usr/ports/security/portsentry I
> > believe). Won't hide the OS, but it may shut down
> > scans before they get that far. <shrug>, never tested
> > it that way.
> >
> A friend of mine runs portsentry configured to blackhole every IP that
> attempts to connect to a port where no server is running (in conjunction with
> a strict firewall); that can be done in FreeBSD without using portsentry, via
> the blackhole sysctl MIBs. See blackhole(4).
>
> It's not a bad means to keep people out of your machines.

I know I'm going to regret posting in this thread, but so be it :)

Does your friend know that, unlikely as it is made by modern ingress and egress routing practices, IP spoofing is still not quite ruled out? Will your friend's portsentry setup happily blackhole e.g. his ISP's nameserver, or the root nameservers, or www.cnn.com's IP addresses, simply because somebody found a way to send a TCP SYN packet with a forged source address to e.g. your friend's machine's port 3? :)

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Do you think anybody has ever had *precisely this thought* before?