From owner-freebsd-net@FreeBSD.ORG Mon Mar 15 00:23:35 2010
From: "pawelekc@gmail.com"
To: freebsd-net@freebsd.org
Date: Mon, 15 Mar 2010 00:53:00 +0100
Subject: Protection against passive fingerprinting
List-Id: Networking and TCP/IP with FreeBSD

Is there a good way to hide the number of computers behind NAT?
I was trying scrub in PF, but it only changes the sequence number and timestamp to random values and the rest of the packet is the same (e.g. window size). Outgoing traffic is very sick and very suspicious. I would like to make outgoing SYN packets look the same, so I redirected the main traffic (HTTP) into a www-proxy, which makes the majority of traffic look the same. Unfortunately the rest of the packets which go through NAT depend on the kind of system they are sent from. I thought about synproxy state in PF and I made some tests. At first I'll show what I have done.

[Internet] --- rl0(server)rl1 --- [Lan]

(ports are only examples)

pass in on rl1 proto tcp from any to any port {443, 8080} flags S/SA synproxy state

Everything works fine. Every outgoing NATed SYN packet looks the same, but they don't look like the system's SYN packets. Here is the listing from p0f on rl0 (I have changed the default TTL and disabled timestamps):

10.0.0.101:62346 - UNKNOWN [0:128:1:44:M1460:.:?:?] [high throughput] -> 91.111.11.11:443 (link: ethernet/modem)   ## synproxy state ##
10.0.0.101:57584 - UNKNOWN [65535:128:1:48:M1460,S,E:P:?:?] -> 193.11.11.11:80 (link: ethernet/modem)   ## system SYN ##

As we can see, they are different. In the first (except the window size, which is 0) there is no option. In the second we can see window size 65536, TTL, size of SYN, MSS, SackOK, EOL.

1. Why does synproxy's SYN have 0 window size?! And why in general are these two packets different?

2. Why does FreeBSD 8.0 end the TCP options with EOL (E)? When rfc1323 (timestamps) is enabled it looks like this (there is no EOL):

10.0.0.101:55225 - UNKNOWN [65535:128:1:60:M1460,N,W3,S,T:.:?:?] (up: 730 hrs) -> 12.123.45.76:80 (link: ethernet/modem)

3. How do I enable auto-negotiated MSS in FreeBSD 8.0? (I have seen that it was the default in previous versions, e.g. FreeBSD:5.1-current.)

4. Is it possible to change the FreeBSD TCP stack to make FreeBSD look like Windows or Linux? Maybe it's necessary to change something in the kernel source, but where?
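Added example, not part of the original message and not code from p0f or pf: a small Python reconstruction of how p0f v2 reduces a SYN to the "wss:ttl:df:size:options:quirks" string that the listings above show, run over three constructed packets shaped like the three quoted signatures (synproxy SYN, system SYN without timestamps, system SYN with rfc1323 on). The packet builder, addresses and ports are assumptions for illustration; the option letters follow p0f v2's notation (M = MSS, N = NOP, W = window scale, S = sackOK, T = timestamp, E = EOL), and the quirk P is set, as p0f does, when option bytes remain after an EOL, which is exactly what the 8-byte option field of a 48-byte SYN contains after M1460 (4) + S (2) + E (1).

```python
"""Derive a p0f v2 style SYN signature (wss:ttl:df:size:options:quirks).

Added example; packets are constructed in-line, nothing is captured.
"""
import struct

# TCP option kinds (RFC 793, RFC 1323, RFC 2018)
EOL, NOP, MSS, WSCALE, SACKOK, TSTAMP = 0, 1, 2, 3, 4, 8


def build_syn(ttl, wsize, options, df=True, ip_id=0x1234, ack=0, payload=b""):
    """Build a minimal IPv4 + TCP SYN. `options` are raw TCP option bytes and are
    zero-padded to a 32-bit boundary the way a stack pads them (assumed hosts)."""
    opts = options + b"\x00" * (-len(options) % 4)
    tcp_len = 20 + len(opts)
    doff_flags = ((tcp_len // 4) << 12) | 0x02            # data offset + SYN flag
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, ack, doff_flags,
                      wsize, 0, 0) + opts
    flags_frag = 0x4000 if df else 0                       # DF bit
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len + len(payload),
                     ip_id, flags_frag, ttl, 6, 0,
                     bytes([10, 0, 0, 101]), bytes([91, 111, 11, 11]))
    return ip + tcp + payload


def p0f_signature(pkt):
    """Return 'wss:ttl:df:size:options:quirks' for one IPv4 TCP SYN."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ip_id, flags_frag = struct.unpack("!HHH", pkt[2:8])
    ttl = pkt[8]
    tcp = pkt[ihl:total_len]
    _, _, _, ack, doff_flags, wsize = struct.unpack("!HHIIHH", tcp[:16])
    doff = (doff_flags >> 12) * 4
    opts, payload = tcp[20:doff], tcp[doff:]

    names, quirks = [], []
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:
            names.append("E")
            if i + 1 < len(opts):          # bytes left after EOL -> quirk P
                quirks.append("P")
            break
        if kind == NOP:
            names.append("N")
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            quirks.append("!")             # broken option length, stop parsing
            break
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == MSS and length == 4:
            names.append("M%d" % struct.unpack("!H", body)[0])
        elif kind == WSCALE and length == 3:
            names.append("W%d" % body[0])
        elif kind == SACKOK and length == 2:
            names.append("S")
        elif kind == TSTAMP and length == 10:
            tsval, tsecr = struct.unpack("!II", body)
            names.append("T" if tsval else "T0")
            if tsecr:
                quirks.append("T")         # non-zero TSecr in a SYN
        else:
            names.append("?%d" % kind)     # unknown option kind
        i += length

    if ip_id == 0:
        quirks.append("Z")                 # zero IP ID
    if ack:
        quirks.append("A")                 # ACK number set on a SYN
    if payload:
        quirks.append("D")                 # data in a SYN
    df = 1 if flags_frag & 0x4000 else 0
    return "%d:%d:%d:%d:%s:%s" % (wsize, ttl, df, total_len,
                                  ",".join(names) or ".", "".join(quirks) or ".")


# Constructed stand-ins for the three SYNs quoted on the list (not captures).
SYNPROXY_SYN = build_syn(128, 0, struct.pack("!BBH", MSS, 4, 1460))
SYSTEM_SYN = build_syn(128, 65535, struct.pack("!BBH", MSS, 4, 1460)
                       + bytes([SACKOK, 2, EOL]))            # pads to 8 bytes
SYSTEM_TS_SYN = build_syn(128, 65535, struct.pack("!BBH", MSS, 4, 1460)
                          + bytes([NOP, WSCALE, 3, 3, SACKOK, 2])
                          + struct.pack("!BBII", TSTAMP, 10, 0x12345678, 0))

if __name__ == "__main__":
    for label, pkt in (("synproxy", SYNPROXY_SYN), ("system", SYSTEM_SYN),
                       ("system+rfc1323", SYSTEM_TS_SYN)):
        print("%-15s %s" % (label, p0f_signature(pkt)))
```

Running it prints the same three signatures p0f reported, which makes the comparison concrete: the synproxy SYN differs in window size and option set, and the "E" plus the P quirk come from an EOL followed by padding inside an 8-byte option field.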