Date: Mon, 15 Mar 2010 00:53:00 +0100
From: "pawelekc@gmail.com" <pawelekc@gmail.com>
To: freebsd-net@freebsd.org
Subject: Protection against passive fingerprinting
Message-ID: <c6b9a7811003141653x41746a80x2bd25fa0add2313a@mail.gmail.com>

Is there a good way to hide the number of computers behind NAT? I was trying scrub in PF, but it only changes the sequence number and timestamp to random values and the rest of the packet stays the same (e.g. window size). Outgoing traffic is very sick and very suspicious. I would like to make outgoing SYN packets look the same, so I redirected the main traffic (http) into a www-proxy, which makes the majority of traffic look the same. Unfortunately, the rest of the packets that go through NAT depend on the kind of system they are sent from. I thought about synproxy state in PF and I made some tests. First I'll show what I have done.

    [Internet] --- rl0(server)rl1 --- [Lan]

(ports are only examples)

    pass in on rl1 proto tcp from any to any port {443, 8080} flags S/SA synproxy state

Everything works fine. Every outgoing NATed SYN packet looks the same, but they don't look like the system's SYN packets. Here is the listing from p0f on rl0 (I have changed the default TTL and disabled timestamps):

    10.0.0.101:62346 - UNKNOWN [0:128:1:44:M1460:.:?:?] [high throughput] -> 91.111.11.11:443 (link: ethernet/modem) ##synproxy state###
    10.0.0.101:57584 - UNKNOWN [65535:128:1:48:M1460,S,E:P:?:?] -> 193.11.11.11:80 (link: ethernet/modem) ##system syn##

As we can see, they are different. In the first (except window size, which is 0) there is no option. In the second we can see window size 65536, ttl, size of syn, MSS, SackOn, EOL.

1. Why does synproxy's SYN have 0 window size?! And why, in general, are these two packets different?

2. Why does FreeBSD 8.0 end TCP options with EOL (E)? When rfc1323 (timestamps) is enabled it looks like this (there is no EOL):

    10.0.0.101:55225 - UNKNOWN [65535:128:1:60:M1460,N,W3,S,T:.:?:?] (up: 730 hrs) -> 12.123.45.76:80 (link: ethernet/modem)

5. How do I enable auto-negotiation of MSS in FreeBSD 8.0? (I have seen that it was the default in previous versions, e.g. FreeBSD:5.1-current)

4. Is it possible to change the FreeBSD TCP stack to make FreeBSD look like Windows or Linux? Maybe it's necessary to change something in the kernel source, but where?
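
Added example, not part of the original message: a short Python parser for the p0f signatures quoted above, assuming the p0f v2 field order (window:TTL:DF:size:options:quirks:OS:details) and the standard TCP option lengths. It checks each SYN size against its option list and reports which fields distinguish the synproxy SYN from the system SYN; all function names are hypothetical.

```python
# Added example: parse p0f v2 SYN signatures and compare them.
# Assumed field order (p0f v2): wss:ttl:df:size:options:quirks:os:details
import re

# TCP option lengths in bytes (RFC 793, RFC 1323, RFC 2018)
OPT_LEN = {"M": 4, "N": 1, "W": 3, "S": 2, "T": 10, "E": 1}
FIELDS = ("wss", "ttl", "df", "size", "options", "quirks")

def parse_sig(line):
    """Extract the bracketed signature from a p0f log line into a dict."""
    m = re.search(r"\[([^\]]+)\]", line)
    if not m:
        raise ValueError("no p0f signature in line")
    parts = m.group(1).split(":")
    if len(parts) != 8:
        raise ValueError("expected 8 colon-separated fields")
    sig = dict(zip(FIELDS, parts))  # os/details are '?' here and are dropped
    sig["options"] = [] if sig["options"] == "." else sig["options"].split(",")
    sig["size"] = int(sig["size"])
    return sig

def option_bytes(sig):
    """Bytes used by the listed options, before padding."""
    return sum(OPT_LEN[o[0]] for o in sig["options"])

def size_consistent(sig):
    """SYN size should be 20 (IP) + 20 (TCP) + options padded to 4 bytes."""
    padded = (option_bytes(sig) + 3) // 4 * 4
    return sig["size"] == 40 + padded

def diff(a, b):
    """Names of the signature fields that differ between two SYNs."""
    return [f for f in FIELDS if a[f] != b[f]]

# Log lines quoted from the message above
SYNPROXY = "10.0.0.101:62346 - UNKNOWN [0:128:1:44:M1460:.:?:?] [high throughput] -> 91.111.11.11:443"
SYSTEM = "10.0.0.101:57584 - UNKNOWN [65535:128:1:48:M1460,S,E:P:?:?] -> 193.11.11.11:80"
SYSTEM_TS = "10.0.0.101:55225 - UNKNOWN [65535:128:1:60:M1460,N,W3,S,T:.:?:?] (up: 730 hrs) -> 12.123.45.76:80"

if __name__ == "__main__":
    for name, line in (("synproxy", SYNPROXY), ("system", SYSTEM), ("system+ts", SYSTEM_TS)):
        s = parse_sig(line)
        print(name, s["options"], option_bytes(s), "bytes; size ok:", size_consistent(s))
    print("fields that differ:", diff(parse_sig(SYNPROXY), parse_sig(SYSTEM)))
```

The M1460,S,E list is 7 bytes and has to be padded to 8, whereas M1460,N,W3,S,T is exactly 20 bytes and already sits on a 4-byte boundary.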