Date: Sat, 26 Aug 2000 01:18:51 -0400 (EDT)
From: rob <rob@enigma.gctr.net>
To: Fred Souza <cseg@kronus.com.br>
Cc: security@freebsd.org
Subject: Re: nmap OS detection
Message-ID: <Pine.BSF.4.21.0008260116100.1830-100000@enigma.gctr.net>
In-Reply-To: <20000826002656.A6530@torment.secfreak.com>

Unless I'm mistaken, Nmap remote OS detection uses a tcp packet with the
FIN / URG / PUSH flags set. This would explain why you were unable to
determine your OS when you had the net.inet.tcp.drop_synfin kernel option
set. Perhaps your router is dropping such packets? Try to plug two machines
into a hub, disable the kernel options and your filtering rules, and then
try this again.

Hope that helps.

Rob

On Sat, 26 Aug 2000, Fred Souza wrote:

> Hi all,
>
> I don't know if it's the right place to ask this, but since it's directly
> related to security, I think I'm not too wrong. :)
>
> I've been trying to audit my network using nmap, but there's something wrong.
> It scans the hosts correctly, but it doesn't detect the remote hosts' OSes.
>
> I was using the kernel option net.inet.tcp.drop_synfin, and it was causing
> nmap to not even be able to determine my own localhost OS. After disabling
> that option, it now can tell I'm using a FreeBSD 4.1 box.
>
> But it still cannot tell what OSes remote systems run. I've tried to boot
> the system without any changes through sysctl, and nothing. Tried to disable
> the firewall (ipf), because I thought it could possibly be any configuration
> mistakes, but no luck.
>
> I even tried to detect remote OS from outside my network, against lots of
> random hosts, and none of those it did so. Any ideas on how to fix that?
>
>
> Thanks in advance,
> Fred.
>
> --
> Watch your code, or it'll get you.