Date: Sat, 04 Sep 2004 22:05:24 -0400
From: Clark Gaylord <gaylord@dirtcheapemail.com>
To: Barney Wolff <barney@databus.com>
Cc: vxp <vxp@digital-security.org>
Subject: Re: fooling nmap
Message-ID: <413A7464.4090204@dirtcheapemail.com>
In-Reply-To: <20040905005019.GA72836@pit.databus.com>
References: <20040904093042.B37306@digital-security.org>
 <20040904175028.GA25772@csh.rit.edu>
 <20040904132345.A38065@digital-security.org>
 <20040905005019.GA72836@pit.databus.com>

Barney Wolff wrote:
> On Sat, Sep 04, 2004 at 01:28:28PM -0400, vxp wrote:
>>in other words, what would you guys say be a _proper_ bsd-style thing to
>>do, if this were to be done?
>
> Nothing. If you want to pollute your kernel with nonsense of this
> sort, go right ahead, but leave mine alone. Adding frills detracts
> from security, even when they're only enabled by compile-time
> switches. The netinet code is already a challenge to follow or
> keep in mind all at once. Anything that makes the problem worse
> without a really big payoff is insane.

I very much concur with Barney's sentiment, but I would also point out that our decisions for various sysctl settings should be based on sound network engineering practices. If we mimic some OS by trying to replicate something stupid that it does, then we've compromised sound network engineering. It reeks of the "deny ICMP" stupidity you so often see in firewall configs.

OTOH, I think understanding why different OSes fingerprint differently is an extremely interesting pursuit, and good studies describing the many different strategies are fascinating if done well (not just the usual "this OS has its head up its ass" commentary, but really delve in to see "oh *that's* why they do that"). This "comparative literature" approach could build consensus for what the "right" approaches are and understanding of the reasonable alternatives. It may be that more consensus in approach would change the viability of fingerprinting anyway, and then for good reasons.

--ckg