From owner-freebsd-security Mon Jul 8 12:52:55 2002
Date: Mon, 8 Jul 2002 12:52:44 -0700 (PDT)
From: twig les
Subject: Re: hiding OS name
To: Peter Pentchev, Klaus Steden
Cc: twig les, "Dalin S. Owen", Laurence Brockman, security@FreeBSD.ORG
In-Reply-To: <20020708183726.GA363@straylight.oblivion.bg>
Message-ID: <20020708195244.79411.qmail@web10107.mail.yahoo.com>

Nah, they have an ignore file of IPs to never block. Rude but simple and effective.

--- Peter Pentchev wrote:
> On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote:
> > > Portsentry may help (/usr/ports/security/portsentry I believe). Won't hide
> > > the OS, but it may shut down scans before they get that far; never tested
> > > it that way.
> >
> > A friend of mine runs portsentry configured to blackhole every IP that
> > attempts to connect to a port where no server is running (in conjunction
> > with a strict firewall); that can be done in FreeBSD without using
> > portsentry, via the blackhole sysctl MIBs. See blackhole(4).
> >
> > It's not a bad means to keep people out of your machines.
>
> I know I'm going to regret posting in this thread, but so be it :)
>
> Does your friend know that, unlikely as it is made by modern ingress and
> egress routing practices, IP spoofing is still not quite ruled out?
> Will your friend's portsentry setup happily blackhole e.g. his ISP's
> nameserver, or the root nameservers, or www.cnn.com's IP addresses,
> simply because somebody found a way to send a TCP SYN packet with a
> forged source address to e.g. your friend's machine's port 3? :)
>
> G'luck,
> Peter
>
> --
> Peter Pentchev  roam@ringlet.net  roam@FreeBSD.org
> PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> Do you think anybody has ever had *precisely this thought* before?
>
> ATTACHMENT part 2 application/pgp-signature

=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------
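The spoofing risk Peter raises and the ignore-file mitigation twig les describes, as an added example that is not part of the thread and not portsentry's own code: a small Python simulation of a portsentry-style blocker that blackholes any source address that sends a SYN to a port with no listener, run once without and once with an ignore list. The SYN events, the ignore-file contents and its one-entry-per-line syntax are constructed for the example (the real portsentry.ignore format is not taken from the page); addresses are from the RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data: ports with a real server behind them.
LISTENING_PORTS = frozenset({22, 80})

# Constructed ignore file: one IP or CIDR per line, '#' starts a comment.
# The syntax is an assumption for this example, not portsentry's documented one.
IGNORE_FILE = """\
# hosts we can never afford to blackhole
127.0.0.1
192.0.2.53        # ISP recursive resolver
192.0.2.0/28      # our own upstream links
"""

# Constructed (src_ip, dst_port) SYN events as the host would see them.
# The third one carries the resolver's address as a forged source, which is
# exactly the case the thread warns about.
SYN_EVENTS = [
    ("203.0.113.5", 22),    # legitimate ssh login: open port, never blocked
    ("198.51.100.7", 3),    # probe of a closed port: gets blackholed
    ("192.0.2.53", 3),      # forged-source SYN "from" the ISP resolver
    ("198.51.100.7", 80),   # already-blocked scanner hits a real service
]


def parse_ignore_file(text):
    """Parse the ignore file into a list of ip_network objects."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        # strict=False lets a bare host address become a /32
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


@dataclass
class AutoBlocker:
    """Blackholes every source that connects to a port with no listener,
    unless the source falls inside one of the ignore networks."""
    listening: frozenset
    ignore: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def observe_syn(self, src, dport):
        """Return True if this SYN caused src to be newly blackholed."""
        if dport in self.listening or src in self.blocked:
            return False
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.ignore):
            return False          # allowlisted: a forged SYN cannot block it
        self.blocked.add(src)
        return True


def run(events, ignore_text=None):
    """Feed the events through a blocker; return the set of blackholed IPs."""
    ignore = parse_ignore_file(ignore_text) if ignore_text else []
    blocker = AutoBlocker(LISTENING_PORTS, ignore)
    for src, dport in events:
        blocker.observe_syn(src, dport)
    return blocker.blocked


def resolver_reachable(blocked, resolver="192.0.2.53"):
    """The defender's check: can the host still reach its nameserver?"""
    return resolver not in blocked


if __name__ == "__main__":
    naive = run(SYN_EVENTS)
    guarded = run(SYN_EVENTS, IGNORE_FILE)
    print("without ignore list:", sorted(naive),
          "resolver reachable:", resolver_reachable(naive))
    print("with ignore list:   ", sorted(guarded),
          "resolver reachable:", resolver_reachable(guarded))
```

Without the ignore list a single forged SYN to port 3 is enough to cut the host off from its own resolver; with it, only the genuine scanner ends up blackholed. Note also that the blackhole(4) sysctls (net.inet.tcp.blackhole, net.inet.udp.blackhole) only stop the kernel from answering closed ports with a RST or ICMP unreachable; they keep no per-source block list, so the spoofing concern applies to portsentry-style address blocking, not to the sysctls themselves.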