Date: Tue, 9 Jul 2002 10:52:43 -0500
From: "Jeremy Suo-Anttila" <jps@funeralexchange.com>
To: "Alex" <freebsd-reply@akruijff.dds.nl>
Cc: <security@FreeBSD.ORG>
Subject: RE: : hiding OS name
Message-ID: <OAEOLDPOMIMMJMKEBFHCGELMCMAA.jps@funeralexchange.com>
In-Reply-To: <5616647177.20020709155214@dds.nl>

Just because the firewall is OpenBSD does NOT make it any more secure than a
well tuned and hardened FreeBSD box. The box is only as secure as the
administrator maintaining it.

One way to hide your OS I can see, after you have found a way to hide it from
all the services you run on the servers, would be to place a bridged ipf/ipfw
firewall in front of them all and then run a black hole on it and drop all
spoofed packets along with a half dozen other known types of scans. This way
if your firewall is scanned the packets will be silently dropped to the floor
and left for dead, and the machines behind it should not have ever been
touched by it.

Also, one final note: the FreeBSD packet switching fairies work much faster
for less pay and they are also very easily annoyed.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/funnies.html

Thanks
Jeremy Suo-Anttila
jps@funeralexchange.com

Sent: Tuesday, July 09, 2002 8:52 AM
Cc: security@FreeBSD.ORG
Subject: Re[2]: hiding OS name

Hello/Beste Philip,

Tuesday, July 09, 2002, 1:18:08 AM, you wrote:

>> Date: Sun, 7 Jul 2002 21:29:42 -0700
>> From: Nathan Kinkade <nkinkade@dsl-only.com>
>>
>> On Mon, 8 Jul 2002 09:32:09 +0700
>> "Asep Ruspeni" <ruspeni@mti.itb.ac.id> wrote:
>>
>> > I am newbie in FreeBSD OS, but I have lot of concerned in securing
>> > system.
>> >
>> > I have questions like this :
>> >
>> > - how can I set-up FreeBSD, so when it being scanned, it's show no
>> > operating system name + version.
>> > - is there any articles I could read about securing FreeBSD such as
>> > the question I ask above.
>> >
>> > thank you in advance.
>>
>> What you are looking for is not really a function of FreeBSD, but rather
>> of the various servers you may be running on FreeBSD such as Apache,
>> FTP, Sendmail, and so on. If it's going to happen it will probably be
>> something that you configure the daemon to do, however I don't know
>> which allow you to do something similar other than wu-ftpd, although I'd
>> guess there are others. Network scanning utilities - I'm thinking of
>> nmap in particular - allow you to scan a host(s) and attempt to
>> determine the OS/version based on certain peculiarities in the
>> response(s). One way to help minimize the impact of this would be to
>> set the net.inet.tcp.blackhole and net.inet.udp.blackhole kernel
>> parameters using the sysctl utility. For more information on this
>> check out the "blackhole(4)" manpage with `man 4 blackhole`.
>>
>> Nathan

PJK> Another option is to put the box behind a firewall. Very often if
PJK> something like nmap is looking for peculiarities in the IP stack
PJK> implementation to ascertain what OS is on a box, if there is a
PJK> firewall in front of it it will be id'ing the firewall's IP
PJK> implementation rather than the target host's.

You can have OpenBSD on that system to look very very secure.

-- 
Best regards/Met vriendelijke groet,
Alex

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
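
Added example, not part of the original thread: a small audit of a sysctl.conf-style file for the two blackhole(4) parameters named in the quoted reply, reporting how each effective setting treats probes to closed ports. The function names and the sample file contents are constructed for illustration; the value meanings are those documented in blackhole(4).

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the blackhole(4) knobs.
# Value meanings are from blackhole(4):
#   net.inet.tcp.blackhole  0 = RST sent for closed ports (default)
#                           1 = SYNs to closed ports dropped silently
#                           2 = every segment to a closed port dropped
#   net.inet.udp.blackhole  0 = ICMP port-unreachable sent (default)
#                           1 = datagrams to closed ports dropped silently

# effective_value FILE KEY -> prints the last value assigned to KEY, or 0
# (kernel default) when the key is absent. Comments and spaces are ignored.
effective_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print (val == "" ? 0 : val) }
    ' "$1"
}

# audit_blackhole FILE -> one verdict line per knob; exit status 1 if any
# knob still lets the stack answer probes to closed ports.
audit_blackhole() {
    tcp=$(effective_value "$1" net.inet.tcp.blackhole)
    udp=$(effective_value "$1" net.inet.udp.blackhole)
    rc=0
    case "$tcp" in
        2) echo "tcp=2 OK: all segments to closed ports dropped" ;;
        1) echo "tcp=1 PARTIAL: only SYNs dropped, other probes get RST"; rc=1 ;;
        *) echo "tcp=$tcp WEAK: closed ports answer with RST"; rc=1 ;;
    esac
    case "$udp" in
        1) echo "udp=1 OK: closed ports stay silent" ;;
        *) echo "udp=$udp WEAK: closed ports send ICMP unreachable"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input (not from the thread): a later line overrides
# an earlier one, and a commented-out setting must not count.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.inet.tcp.blackhole=1
#net.inet.udp.blackhole=1
net.inet.tcp.blackhole = 2   # tightened
EOF
audit_blackhole "$sample" || echo "result: not fully blackholed"
rm -f "$sample"
```

These settings only change how closed ports respond; services that are listening still answer and can still be fingerprinted.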