From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: security@FreeBSD.ORG
Date: Mon, 8 Jul 2002 16:18:08 -0700
Subject: Re: hiding OS name
Reply-To: pjklist@ekahuna.com
Message-ID: <20020708231809505.AAA981@empty1.ekahuna.com@pc02.ekahuna.com>

> Date: Sun, 7 Jul 2002 21:29:42 -0700
> From: Nathan Kinkade
>
> On Mon, 8 Jul 2002 09:32:09 +0700
> "Asep Ruspeni" wrote:
>
> > I am a newbie in FreeBSD OS, but I have a lot of concern in securing
> > the system.
> >
> > I have questions like this:
> >
> > - how can I set up FreeBSD so that when it is being scanned, it shows no
> > operating system name + version.
> > - are there any articles I could read about securing FreeBSD, such as
> > the question I ask above.
> >
> > thank you in advance.
>
> What you are looking for is not really a function of FreeBSD, but rather
> of the various servers you may be running on FreeBSD such as Apache,
> FTP, Sendmail, and so on. If it's going to happen it will probably be
> something that you configure the daemon to do, however I don't know
> which allow you to do something similar other than wu-ftpd, although I'd
> guess there are others. Network scanning utilities - I'm thinking of
> nmap in particular - allow you to scan a host(s) and attempt to
> determine the OS/version based on certain peculiarities in the
> response(s). One way to help minimize the impact of this would be to
> set the net.inet.tcp.blackhole and net.inet.udp.blackhole kernel
> parameters using the sysctl utility. For more information on this
> check out the "blackhole(4)" manpage with `man 4 blackhole`.
>
> Nathan

Another option is to put the box behind a firewall. Very often if
something like nmap is looking for peculiarities in the IP stack
implementation to ascertain what OS is on a box, if there is a
firewall in front of it, it will be id'ing the firewall's IP
implementation rather than the target host's.

--
Philip J. Koenig                                  pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium
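
Added example, not part of the original message or of FreeBSD itself: a small
sh check for the two blackhole(4) sysctls named in the quoted reply. The
function name audit_blackhole is hypothetical, the value meanings follow
blackhole(4), and the sample input at the end is constructed.

```sh
#!/bin/sh
# Added example: audit the blackhole(4) sysctls named in the thread.
# Reads lines in `sysctl` output form ("name: value") on stdin.
# On a FreeBSD host:
#   sysctl net.inet.tcp.blackhole net.inet.udp.blackhole | audit_blackhole
# To enable at runtime (as root); put the same name=value pairs in
# /etc/sysctl.conf to keep them across reboots:
#   sysctl net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1

# audit_blackhole is a hypothetical helper name. It prints one finding per
# setting and returns 0 only when both settings are fully enabled.
audit_blackhole() {
    tcp="" udp="" rc=0
    while IFS= read -r line; do
        case "$line" in
            net.inet.tcp.blackhole:*) tcp=${line#*: } ;;
            net.inet.udp.blackhole:*) udp=${line#*: } ;;
        esac
    done
    case "$tcp" in
        2) echo "tcp: OK (every segment to a closed port is dropped, no RST)" ;;
        1) echo "tcp: PARTIAL (only SYNs to closed ports are dropped)"; rc=1 ;;
        0|"") echo "tcp: OFF (closed ports answer with RST)"; rc=1 ;;
        *) echo "tcp: UNKNOWN value '$tcp', check blackhole(4)"; rc=1 ;;
    esac
    case "$udp" in
        1) echo "udp: OK (no ICMP port unreachable for closed ports)" ;;
        0|"") echo "udp: OFF (closed ports answer with ICMP port unreachable)"; rc=1 ;;
        *) echo "udp: UNKNOWN value '$udp', check blackhole(4)"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample input, not captured from a real host.
audit_blackhole <<'EOF' || true
net.inet.tcp.blackhole: 1
net.inet.udp.blackhole: 0
EOF
```

These settings only change how the host answers probes to ports with no
listener; services on open ports still respond as usual.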