From owner-freebsd-net@FreeBSD.ORG Sat Sep 4 15:24:48 2004
Date: Sat, 4 Sep 2004 09:49:28 -0400 (EDT)
From: vxp <vxp@digital-security.org>
To: Colin Alston
In-Reply-To: <4139DCF0.7070008@karnaugh.za.net>
Message-ID: <20040904094619.H37469@digital-security.org>
References: <20040904093042.B37306@digital-security.org> <4139DCF0.7070008@karnaugh.za.net>
Cc: freebsd-net@freebsd.org
Subject: Re: fooling nmap
List-Id: Networking and TCP/IP with FreeBSD

Pretty much any sort of attack / intrusion attempt begins with information gathering on the machine. Part of that would be trying to figure out what OS runs on the machine. The more (accurate) information a potential attacker can gather on the machine, the more chances that his attempt will succeed.

Obviously, even with this change in place, you'd need to do some other things so as to prevent this, for example:

$ telnet localhost 22
Trying ::1...
Connected to localhost.digital-security.org
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030924
                         ^^^^^^^^^

Banners all over need to be changed, but nevertheless, it'd be a step in the right direction in my opinion.

--Val

On Sat, 4 Sep 2004, Colin Alston wrote:

> vxp wrote:
>
> > Hi,
> >
> > I'm wondering if it'd be a good idea / worth it to modify the kernel a bit
> > and add a few sysctl switches so the user would be able to choose what OS
> > he wants the box to appear as, to an nmap scan?
> >
> > It'd require, obviously, a few modifications to the networking code.
> > Please elaborate on why you don't think it's a good idea, if that's the
> > case... and feel free to give any comments/suggestions if you think it is a
> > good idea as well. =)
> >
> > Val
>
> What exactly is the point/benefit of such a change?
>
> --
> Colin Alston
>
> About the use of language:
> "It is impossible to sharpen a pencil with a blunt axe. It is
> equally vain to try to do it with ten blunt axes instead."
> -- E.W.Dijkstra, 18th June 1975. (Perl did not exist at the time.)
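The telnet check above shows the kind of leak Val means: the SSH identification string carries an OS-specific suffix (on FreeBSD that suffix is sshd's VersionAddendum setting) that no kernel-level fingerprint spoofing can hide. The following script is an added example, not code from the thread or from any of its authors. It parses an SSH identification line into its RFC 4253 fields, reports any OS marker found in the software or comments field, and can optionally read the line from a live host the same way telnet did. The marker list and the sample banners other than the one quoted in the thread are constructed for illustration.

```python
"""Check whether an SSH banner leaks the operating system.

Added example, not from the mailing-list thread. RFC 4253 section 4.2
defines the identification line as
    SSH-protoversion-softwareversion SP comments CR LF
so OS information can only hide in softwareversion or comments.
"""
import re
import socket

# Constructed list of OS markers commonly seen in SSH banners; extend as needed.
OS_MARKERS = ("FreeBSD", "OpenBSD", "NetBSD", "Debian", "Ubuntu", "Red Hat",
              "CentOS", "SUSE", "Windows", "Darwin", "Solaris")

# The first banner is the one quoted in the thread; the others are constructed.
SAMPLE_BANNERS = [
    "SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030924\r\n",   # as seen on the page
    "SSH-2.0-OpenSSH_3.6.1p1\r\n",                      # same server, addendum removed
    "SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7\r\n",       # constructed distro-style banner
]

IDENT_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<sw>\S+)(?: (?P<comments>.*))?$")


def parse_ssh_ident(line: str) -> dict:
    """Split an SSH identification line into proto, software and comments."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return {"proto": m.group("proto"),
            "software": m.group("sw"),
            "comments": m.group("comments") or ""}


def os_hints(banner: str) -> list:
    """Return the OS markers present in the software/comments fields, in
    OS_MARKERS order; an empty list means the banner carries no known marker."""
    fields = parse_ssh_ident(banner)
    haystack = f"{fields['software']} {fields['comments']}".lower()
    return [marker for marker in OS_MARKERS if marker.lower() in haystack]


def grab_ssh_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Connect and return the server's identification line, as telnet showed it.

    Servers may send other lines before the identification line, and the line
    itself is limited to 255 bytes including CRLF, so read line by line until
    one starts with "SSH-".
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        for raw in f:
            line = raw.decode("ascii", errors="replace")
            if line.startswith("SSH-"):
                return line
            if len(raw) > 255:
                break
    raise ValueError("no SSH identification line received")


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        hints = os_hints(banner)
        verdict = "leaks " + ", ".join(hints) if hints else "no OS marker"
        print(f"{banner.strip():42} -> {verdict}")
```

Run it against a live host with `os_hints(grab_ssh_banner("host"))`; it is the same probe as the telnet session in the post, but with the verdict automated so the check can be repeated after a banner change.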