Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 4 Sep 2004 09:49:28 -0400 (EDT)
From:      vxp <vxp@digital-security.org>
To:        Colin Alston <karnaugh@karnaugh.za.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: fooling nmap
Message-ID:  <20040904094619.H37469@digital-security.org>
In-Reply-To: <4139DCF0.7070008@karnaugh.za.net>
References:  <20040904093042.B37306@digital-security.org> <4139DCF0.7070008@karnaugh.za.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
pretty much any sort of attack / intrusion attempt begins with information
gathering on the machine. part of that, would be trying to figure out what
OS runs on the machine. the more (accurate) information a potential
attacker can gather on the machine, the more chances that his attempt will
succeed. obviously, even with this change in place, you'd need to do some
other things so as to prevent this for example:

$ telnet localhost 22
Trying ::1...
Connected to localhost.digital-security.org
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030924
                         ^^^^^^^^^
                         banners all over need to be changed

but nevertheless, it'd be a step in the right direction in my opinion

--Val

On Sat, 4 Sep 2004, Colin Alston wrote:

> vxp wrote:
>
> >Hi,
> >
> >I'm wondering if it'd be a good idea / worth it to modify the kernel a bit
> >and add a few sysctl switches so the user would be able to choose what OS
> >he wants the box to appear as, to a nmap scan ?
> >
> >It'd require, obviously, a few modifications to the networking code.
> >Please elaborate on why you don't think its a good idea, if thats the
> >case.. and feel free to give any comments/suggestions if you think it is a
> >good idea as well. =)
> >
> >Val
> >
> >
> >
> What exactly is the point/benefit of such a change?
>
> --
> Colin Alston <karnaugh@karnaugh.za.net>
>
> About the use of language:
>   "It is impossible to sharpen a pencil with a blunt axe.  It is
>   equally vain to try to do it with ten blunt axes instead."
>    -- E.W.Dijkstra, 18th June 1975. (Perl did not exist at the time.)
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040904094619.H37469>