Date: Mon, 8 Jul 2002 12:31:57 -0700
From: faSty
To: Klaus Steden
Cc: freebsd-security@freebsd.org
Subject: Re: hiding OS name

The problem is when you run portsentry. If someone spoofs packets, they can fool portsentry into triggering a block on your own IP, or cause a denial of service by spoofing your IP, and your portsentry will be useless, even though I had put in a list of IPs to "ignore", i.e. portsentry.ignore. I have had that experience in the past. No good.

-fasty

On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote:
> > Portsentry may help (/usr/ports/security/portsentry I
> > believe). Won't hide the OS, but it may shut down
> > scans before they get that far. , never tested
> > it that way.
> >
> A friend of mine runs portsentry configured to blackhole every IP that
> attempts to connect to a port where no server is running (in conjunction with
> a strict firewall); that can be done in FreeBSD without using portsentry, via
> the blackhole sysctl MIBs. See blackhole(4).
>
> It's not a bad means to keep people out of your machines.
>
> Klaus
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
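
The failure mode raised in the reply above, as an added example that is not part of the original thread and is not portsentry's code: a constructed model comparing a blocker that trusts the claimed source address with one that only acts on sources that completed a TCP handshake and are outside an ignore list. The `Probe` record, both function names, the threshold and the sample events are assumptions made for illustration.

```python
# Constructed model of a reactive scan blocker; not portsentry's code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Probe:
    src: str              # source address claimed in the packet header
    dport: int            # unused port the sensor listens on
    proto: str            # "tcp" or "udp"
    handshake_done: bool  # True only if the TCP three-way handshake completed


def naive_blocks(probes):
    """Block every claimed source that touches a monitored port."""
    return {p.src for p in probes}


def guarded_blocks(probes, ignore_nets, threshold=3):
    """Block sources that proved they receive replies, touched at least
    `threshold` distinct ports, and are outside the ignore list."""
    ignore = [ip_network(n) for n in ignore_nets]
    ports_by_src = {}
    for p in probes:
        if p.proto != "tcp" or not p.handshake_done:
            continue  # UDP and bare SYNs: source address is unverified
        if any(ip_address(p.src) in net for net in ignore):
            continue  # never block our own or trusted ranges
        ports_by_src.setdefault(p.src, set()).add(p.dport)
    return {s for s, seen in ports_by_src.items() if len(seen) >= threshold}


# Constructed sample events (RFC 5737 documentation addresses).
OWN_NETS = ["192.0.2.0/24"]
SAMPLE = [
    Probe("192.0.2.10", 111, "udp", False),   # forged: claims to be our own host
    Probe("192.0.2.10", 69, "udp", False),
    Probe("203.0.113.5", 23, "tcp", False),   # bare SYN, source unproven
    Probe("198.51.100.7", 21, "tcp", True),   # full connects from one host
    Probe("198.51.100.7", 23, "tcp", True),
    Probe("198.51.100.7", 25, "tcp", True),
]

if __name__ == "__main__":
    print("naive  :", sorted(naive_blocks(SAMPLE)))
    print("guarded:", sorted(guarded_blocks(SAMPLE, OWN_NETS)))
```

The naive policy ends up blocking the site's own address on the strength of two forged UDP datagrams, while the guarded policy blocks only the host that completed connections to three monitored ports.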