From owner-freebsd-net@FreeBSD.ORG Sat Sep 4 19:03:54 2004
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5F28D16A4CE;
	Sat, 4 Sep 2004 19:03:54 +0000 (GMT)
Received: from digital-security.org (digital-security.org [216.254.116.252])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1FEAC43D2F;
	Sat, 4 Sep 2004 19:03:54 +0000 (GMT)
	(envelope-from vxp@digital-security.org)
Received: from localhost.tmok.com ([127.0.0.1] helo=localhost ident=vxp)
	by digital-security.org with esmtp (Exim 4.41 (FreeBSD))
	id 1C3eKz-0009u9-56; Sat, 04 Sep 2004 13:28:33 -0400
Date: Sat, 4 Sep 2004 13:28:28 -0400 (EDT)
From: vxp
To: Wesley Shields
In-Reply-To: <20040904175028.GA25772@csh.rit.edu>
Message-ID: <20040904132345.A38065@digital-security.org>
References: <20040904093042.B37306@digital-security.org>
	<20040904175028.GA25772@csh.rit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
cc: Colin Alston
Subject: Re: fooling nmap
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Sat, 04 Sep 2004 19:03:54 -0000

On Sat, 4 Sep 2004, Wesley Shields wrote:

> That is true, but the problem with these kinds of things is that users
> will think that with a simple flip of a sysctl they are secure, when in
> fact they are no more secure than before.

That's also 100% true; however, that's why documentation exists. There's
even a security section within it. We would probably want to add
something like "obscurity is great if it's only _one of_ the components
in your security setup, not _the only_ component". They might get the
point. =)

Now, another question arises. I could always code a parser for the nmap
fingerprints file, but I don't think it's a good idea to include
something like that in the kernel. What do you think? Hardcode a few OS
fingerprint choices and call it a day?

In other words, what would you guys say is a _proper_ BSD-style thing to
do, if this were to be done?

--Val
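Added illustration for the "parser for the nmap fingerprints file" idea raised above; this is example code written for this page, not code from the thread, from FreeBSD, or from nmap. It parses records in the first-generation nmap fingerprint layout (a "Fingerprint" name line, a "Class" line, then TEST(attr=value%attr=value) lines, with "|" separating alternative values and "<"/">" giving hex bounds), extracts the T1-probe parameters a TCP/IP stack would have to emit to look like a given record (window size, DF bit, option ordering), and matches a set of observed probe results against the database. The sample database and the observed results are constructed for the example; the record names and values are not taken from any real fingerprint file.

```python
"""Parser for first-generation nmap-style OS fingerprint records.

Added example, not code from the thread or from FreeBSD/nmap. The layout
(Fingerprint / Class / TEST(attr=value%attr=value) lines, '|' for
alternatives, '<HEX' / '>HEX' for bounds) follows the old
nmap-os-fingerprints style; the database below is constructed.
"""
import re
from typing import Dict, List, Optional

# Constructed sample database (illustrative names and values only).
SAMPLE_DB = """\
# Comment lines and blank lines are ignored.
Fingerprint Example Unix 1.0
Class Example | ExampleOS | 1.x | general purpose
TSeq(Class=RI%gcd=<6%IPID=I%TS=100HZ)
T1(DF=Y%W=16A0|16D0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)

Fingerprint Example Router 2.0
Class Example | ExampleOS | 2.x | router
T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
"""

_TEST_LINE = re.compile(r'^([A-Za-z0-9]+)\((.*)\)$')


def parse_db(text: str) -> List[Dict]:
    """Return records: {'name', 'class', 'tests': {TEST: {attr: [alternatives]}}}."""
    records: List[Dict] = []
    current: Optional[Dict] = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('Fingerprint '):
            current = {'name': line[len('Fingerprint '):].strip(), 'class': None, 'tests': {}}
            records.append(current)
            continue
        if current is None:
            raise ValueError(f'line {lineno}: data before any Fingerprint line')
        if line.startswith('Class '):
            current['class'] = [p.strip() for p in line[len('Class '):].split('|')]
            continue
        m = _TEST_LINE.match(line)
        if m is None:
            raise ValueError(f'line {lineno}: malformed test line {raw!r}')
        test, body = m.groups()
        attrs: Dict[str, List[str]] = {}
        for pair in (body.split('%') if body else []):
            key, sep, val = pair.partition('=')
            if not sep:
                raise ValueError(f'line {lineno}: attribute without "=" in {raw!r}')
            attrs[key] = val.split('|')   # 'Ops=' (no options) stays ['']
        current['tests'][test] = attrs
    return records


def _value_matches(alternatives: List[str], observed: str) -> bool:
    """True if the observed value satisfies any alternative; '<HEX'/'>HEX' are bounds."""
    for alt in alternatives:
        if alt[:1] in ('<', '>'):
            try:
                obs, bound = int(observed, 16), int(alt[1:], 16)
            except ValueError:
                continue
            if (obs < bound) if alt[0] == '<' else (obs > bound):
                return True
        elif alt == observed:
            return True
    return False


def matches(record: Dict, observed: Dict[str, Dict[str, str]]) -> bool:
    """Every test and attribute in the record must be satisfied by the observed results."""
    for test, attrs in record['tests'].items():
        seen = observed.get(test)
        if seen is None:                  # a test the scanner did not run: no match
            return False
        for key, alts in attrs.items():
            if key not in seen or not _value_matches(alts, seen[key]):
                return False
    return True


def stack_parameters(record: Dict) -> Dict:
    """What a stack must emit for the T1 probe (SYN to an open port) to look like
    this record: window size, DF bit and option ordering (first alternative only)."""
    t1 = record['tests'].get('T1', {})
    first = lambda key, default='': t1.get(key, [default])[0]
    return {'window': int(first('W', '0'), 16),
            'df': first('DF', 'N') == 'Y',
            'options': first('Ops')}


def identify(db: List[Dict], observed: Dict[str, Dict[str, str]]) -> List[str]:
    """Names of all records consistent with the observed probe results."""
    return [r['name'] for r in db if matches(r, observed)]


# Constructed observed probe results, as a scanner would record them.
OBSERVED = {
    'TSeq': {'Class': 'RI', 'gcd': '4', 'IPID': 'I', 'TS': '100HZ'},
    'T1': {'DF': 'Y', 'W': '16D0', 'ACK': 'S++', 'Flags': 'AS', 'Ops': 'MNNTNW'},
    'T2': {'Resp': 'N'},
    'T5': {'DF': 'N', 'W': '0', 'ACK': 'S++', 'Flags': 'AR', 'Ops': ''},
}

if __name__ == '__main__':
    db = parse_db(SAMPLE_DB)
    for r in db:
        print(r['name'], stack_parameters(r))
    print('matches:', identify(db, OBSERVED))
```

The point of `stack_parameters` is the part of the message that matters for the kernel-versus-hardcode question: of everything in a record, only a handful of values (initial window, DF, option layout, and the TSeq behaviour) are things a stack can actually choose to emit, so a table of those per emulated OS is what a kernel would consume, while the parsing itself can stay in user space.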