From owner-freebsd-security Mon Jul 8 13:08:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 10D7137B400 for ; Mon, 8 Jul 2002 13:08:08 -0700 (PDT)
Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id D5E2043E31 for ; Mon, 8 Jul 2002 13:08:06 -0700 (PDT) (envelope-from fasty@shell.i-sphere.com)
Received: from shell.i-sphere.com (fasty@localhost [127.0.0.1]) by I-Sphere.COM (8.12.3/8.12.3) with ESMTP id g68K91Hd094889; Mon, 8 Jul 2002 13:09:01 -0700 (PDT) (envelope-from fasty@shell.i-sphere.com)
Received: (from fasty@localhost) by shell.i-sphere.com (8.12.3/8.12.3/Submit) id g68K91U7094888; Mon, 8 Jul 2002 13:09:01 -0700 (PDT)
Date: Mon, 8 Jul 2002 13:09:01 -0700
From: faSty
To: twig les
Cc: freebsd-security@freebsd.org
Subject: Re: hiding OS name
Message-ID: <20020708200901.GB94197@i-sphere.com>
Mail-Followup-To: faSty, twig les, freebsd-security@freebsd.org
References: <20020708183726.GA363@straylight.oblivion.bg> <20020708195244.79411.qmail@web10107.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020708195244.79411.qmail@web10107.mail.yahoo.com>
User-Agent: Mutt/1.4i
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yeah, I know. But it's still a denial of service: spoofing hits portsentry hard.

-fasty

On Mon, Jul 08, 2002 at 12:52:44PM -0700, twig les wrote:
> Nah, they have an ignore file of IPs to never block.
> Rude but simple and effective.
>
> --- Peter Pentchev wrote:
> > On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote:
> > > > Portsentry may help (/usr/ports/security/portsentry I believe).
> > > > Won't hide the OS, but it may shut down scans before they get
> > > > that far; never tested it that way.
> > >
> > > A friend of mine runs portsentry configured to blackhole every IP
> > > that attempts to connect to a port where no server is running (in
> > > conjunction with a strict firewall); that can be done in FreeBSD
> > > without using portsentry, via the blackhole sysctl MIBs. See
> > > blackhole(4).
> > >
> > > It's not a bad means to keep people out of your machines.
> >
> > I know I'm going to regret posting in this thread, but so be it :)
> >
> > Does your friend know that, unlikely as it is made by modern ingress
> > and egress routing practices, IP spoofing is still not quite ruled
> > out? Will your friend's portsentry setup happily blackhole e.g. his
> > ISP's nameserver, or the root nameservers, or www.cnn.com's IP
> > addresses, simply because somebody found a way to send a TCP SYN
> > packet with a forged source address to e.g. your friend's machine's
> > port 3? :)
> >
> > G'luck,
> > Peter
> >
> > --
> > Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> > PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> > Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> > Do you think anybody has ever had *precisely this thought* before?
> >
> > > ATTACHMENT part 2 application/pgp-signature
>
> =====
> -----------------------------------------------------------
> All warfare is based on deception.
> -----------------------------------------------------------

--
Chicago law prohibits eating in a place that is on fire.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
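The spoofing problem Peter raises, and the ignore-file mitigation twig les describes, can be modelled in a few dozen lines. The following is an added example and not portsentry's code nor anything posted in this thread: it is a toy auto-blackholer fed a constructed stream of connection attempts, run under three policies. The first reacts to any SYN on a decoy port (the setup discussed above); the second adds an ignore list; the third only trusts a source address once the TCP handshake has completed on the decoy, which an off-path spoofer cannot do because it never sees the SYN-ACK. All addresses, ports and events are constructed for the example (TEST-NET ranges), and the `AutoBlackholer` class, its `trigger` parameter and `compare_policies()` are hypothetical names, not a real tool's API.

```python
"""Added example: a toy portsentry-style auto-blackholer, showing why a
bare SYN is not proof of the sender's address, how an ignore list limits
the damage, and what changes if you block only on completed handshakes.
Not portsentry's code; all traffic and addresses below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports with a real service behind them; anything else is a decoy port
# that the monitor watches.  Constructed for this example.
LISTENING_PORTS = {22, 25}


@dataclass(frozen=True)
class Event:
    """One observed TCP connection attempt to this host.

    src is the source address as it appears on the wire.  For a bare SYN
    that is whatever the sender wrote there.  Only when the three-way
    handshake completed (handshake_done=True) do we know the peer really
    holds src, because it had to receive our SYN-ACK and answer with the
    right sequence number; an off-path spoofer cannot do that."""
    src: str
    dport: int
    handshake_done: bool


class AutoBlackholer:
    """Hypothetical monitor that adds the source of a probe to a block list.

    trigger='syn'          react to any SYN seen on a decoy port
    trigger='established'  react only once a handshake completed on the
                           decoy (the monitor must listen there itself)
    ignore                 networks never blocked, like the ignore file
                           mentioned in the thread"""

    def __init__(self, trigger="syn", ignore=()):
        assert trigger in ("syn", "established")
        self.trigger = trigger
        self.ignore = [ip_network(n, strict=False) for n in ignore]
        self.blocked = set()

    def is_ignored(self, src):
        addr = ip_address(src)
        return any(addr in net for net in self.ignore)

    def observe(self, ev):
        """Return True if this event caused ev.src to be blocked."""
        if ev.dport in LISTENING_PORTS:
            return False                      # real service, not a probe
        if self.trigger == "established" and not ev.handshake_done:
            return False                      # source unverified, ignore it
        if self.is_ignored(ev.src):
            return False
        self.blocked.add(ev.src)
        return True


# Constructed addresses for the scenario Peter Pentchev describes.
ISP_NAMESERVER = "192.0.2.53"      # stands in for the ISP's resolver
OTHER_PEER = "198.51.100.7"        # a legitimate peer not on the ignore list
SCANNER = "203.0.113.9"            # the attacker's own address

# Constructed traffic: the attacker forges SYNs from two addresses it does
# not own (so no handshake completes), then scans from its own address.
TRAFFIC = [
    Event(ISP_NAMESERVER, 3, handshake_done=False),   # forged SYN to port 3
    Event(OTHER_PEER, 3, handshake_done=False),       # forged SYN, 2nd victim
    Event(SCANNER, 3, handshake_done=True),           # real connect() to port 3
    Event(SCANNER, 22, handshake_done=True),          # real ssh session, not a probe
]


def run(trigger, ignore=()):
    """Feed TRAFFIC through one policy and return the resulting block set."""
    mon = AutoBlackholer(trigger=trigger, ignore=ignore)
    for ev in TRAFFIC:
        mon.observe(ev)
    return frozenset(mon.blocked)


def compare_policies():
    """Block sets produced by the three policies, keyed by name."""
    return {
        # The setup the thread describes: any SYN to a decoy port blocks src,
        # so the forged SYN takes the ISP nameserver off the air.
        "syn_no_ignore": run("syn"),
        # twig les's fix: addresses on the ignore list are never blocked, but
        # any other spoofable peer can still be knocked out (fasty's point).
        "syn_with_ignore": run("syn", ignore=[ISP_NAMESERVER + "/32"]),
        # Trust the address only after a completed handshake: forged bare
        # SYNs block nobody, and the scanner is blocked by its own connect().
        "established": run("established"),
    }


if __name__ == "__main__":
    for name, blocked in compare_policies().items():
        print(f"{name:16s} blocked: {sorted(blocked)}")
```

The `established` policy closes the off-path spoofing hole but not the denial-of-service entirely: anyone who can actually complete a handshake from an address (its legitimate owner, or an attacker on the path to it) can still get that address blocked, so an ignore list for addresses you cannot afford to lose remains worthwhile. Separately, FreeBSD's blackhole(4) sysctls (net.inet.tcp.blackhole and net.inet.udp.blackhole) only suppress the RST or ICMP unreachable reply for segments sent to closed ports; they keep no per-source block list, so they make a host quieter to a scanner but are not the same mechanism as portsentry's blocking and are not affected by the spoofing problem above.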