Date: Mon, 8 Jul 2002 16:18:08 -0700 From: "Philip J. Koenig" <pjklist@ekahuna.com> To: security@FreeBSD.ORG Subject: Re: hiding OS name Message-ID: <20020708231809505.AAA981@empty1.ekahuna.com@pc02.ekahuna.com> In-Reply-To: <bulk.35441.20020708074200@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Sun, 7 Jul 2002 21:29:42 -0700 > From: Nathan Kinkade <nkinkade@dsl-only.com> > > On Mon, 8 Jul 2002 09:32:09 +0700 > "Asep Ruspeni" <ruspeni@mti.itb.ac.id> wrote: > > > I am newbie in FreeBSD OS, but i have lot of concerned in securing > > system. > > > > I have questions like this : > > > > - how can i set-up FreeBSD, so when it being scanned, it's show no > > operating system name + version. > > - is there any articles i colud read about securing freeBSD such as > > the question i ask above. > > > > thank you in advance. > > What you are looking for is not really a function of FreeBSD, but rather > of the various servers you may be running on FreeBSD such as Apache, > FTP, Sendmail, and so on. If it's going to happen it will probably be > something that you configure the daemon to do, however I don't know > which allow you to do something similar other than wu-ftpd, although I'd > guess there are others. Network scanning utilities - I'm thinking of > nmap in particular - allow you to scan a host(s) and attempt to > determine the OS/version based on certain peculiarities in the > response(s). One way to help minimize the impact of this would be to > set the net.inet.tcp.blackhole and net.inet.udp.blackhole kernel > parameters using the sysctl utility. For more information on this > checkout the "blackhole(4)" manpage with `man 4 blackhole`. > > Nathan Another option is to put the box behind a firewall. Very often if something like nmap is looking for peculiarities in the IP stack implementation to ascertain what OS is on a box, if there is a firewall in front of it it will be id'ing the firewall's IP implementation rather than the target host's. -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020708231809505.AAA981>