From owner-freebsd-security Fri Aug 25 23:21:42 2000
Date: Sat, 26 Aug 2000 03:28:24 +0300
From: Fred Souza
To: rob
Cc: security@freebsd.org
Subject: Re: nmap OS detection
Message-ID: <20000826032824.A11005@torment.secfreak.com>
References: <20000826002656.A6530@torment.secfreak.com>
In-Reply-To: Your message of "Sat, Aug 26 2000 01:18:51 -0400"

> Unless I'm mistaken, Nmap remote OS detection uses a tcp packet with the
> FIN / URG / PUSH flags set. This would explain why you were unable to
> determine your OS when you had the net.inet.tcp.drop_synfin kernel option
> set. Perhaps your router is dropping such packets? Try to plug two
> machines into a hub, disable the kernel options and your filtering rules,
> and then try this again.

I've tried that already, no luck.

--
This is what you get when you meet someone who has spent most of
his/her entire life, thinking.
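An added example, not part of the original message: a check of which TCP flag combinations a SYN+FIN drop rule matches, including the FIN/URG/PUSH combination named in the quoted reply. The rule is an assumed model of net.inet.tcp.drop_synfin (drop when SYN and FIN are both set); the function names and sample headers are constructed for illustration.

```python
import struct

# TCP flag bits as they appear in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def tcp_header(sport, dport, flags, window=1024):
    """Build a minimal 20-byte TCP header (constructed sample, checksum 0)."""
    data_offset = 5 << 4  # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset, flags, window, 0, 0)


def flag_names(header):
    """Return the set of flag names set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    bits = header[13]
    return {name for name, bit in FLAGS.items() if bits & bit}


def synfin_rule_drops(header):
    """Assumed model of drop_synfin: drop when SYN and FIN are both set."""
    names = flag_names(header)
    return "SYN" in names and "FIN" in names


def classify(header):
    """Label a segment by how the assumed SYN+FIN rule treats it."""
    names = flag_names(header)
    label = "+".join(sorted(names)) or "none"
    verdict = "dropped" if synfin_rule_drops(header) else "passed"
    return f"{label}: {verdict}"


# Constructed sample segments (ports and values are arbitrary).
SAMPLES = [
    tcp_header(40000, 80, FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"]),
    tcp_header(40001, 80, FLAGS["SYN"] | FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"]),
    tcp_header(40002, 80, FLAGS["SYN"]),
    tcp_header(40003, 80, 0),
]

if __name__ == "__main__":
    for segment in SAMPLES:
        print(classify(segment))
```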