From owner-freebsd-security Thu Mar 28 14:38:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id F1A8037B41D for ; Thu, 28 Mar 2002 14:37:22 -0800 (PST) Received: from user-119aekg.biz.mindspring.com ([66.149.58.144] helo=ns.flncs.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 16qiWE-0003Gh-00 for freebsd-security@freebsd.org; Thu, 28 Mar 2002 14:37:18 -0800 Received: from moti (cylex [12.27.148.78]) by ns.flncs.com (Postfix) with SMTP id BDDAB20696 for ; Thu, 28 Mar 2002 17:41:00 -0500 (EST) Message-ID: <000001c1d6a9$2eb649c0$fd6e34c6@moti> From: "Moti Levy" To: References: <20020328172259.C73793-100000@cianet.cianet.ind.br> Subject: Re: How can I erase my fingertips . Date: Thu, 28 Mar 2002 17:37:17 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Cooooool thanks Bjoern Engels Before : No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=2.54BETA31%P=i386-portbld-freebsd4.5%D=3/28%Time=3CA38B56%O=22%C=1) TSeq(Class=TR%IPID=I%TS=100HZ) After : options RANDOM_IP_ID and sysctl net.inet.ip.ttl=68 instead of 64 Remote operating system guess: AIX 4.3.2.0-4.3.3.0 on an IBM RS/* Uptime 0.003 days (since Thu Mar 28 17:25:37 2002) TCP Sequence Prediction: Class=truly random Difficulty=9999999 (Good luck!) IPID Sequence Generation: Randomized ----- Original Message ----- From: "Bjoern Engels" To: ; "Moti Levy" Sent: Thursday, March 28, 2002 3:39 PM Subject: Re: How can I erase my fingertips . On Thursday, 28. March 2002 21:25, Alvaro Pereira wrote: > On Thu, 28 Mar 2002, Moti Levy wrote: > > I want to stop nmap from detecting my os . > from /usr/src/sys/i386/conf/LINT > > # > # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. > This # prevents nmap et al. from identifying the TCP/IP stack, but > breaks support # for RFC1644 extensions and is not recommended for > web servers. # > options TCP_DROP_SYNFIN #drop TCP packets with > SYN+FIN > Additionally, add # RANDOM_IP_ID causes the ID field in IP packets to be randomized options RANDOM_IP_ID and change the default TTL. Bjoern -- "The number of Unix installations has grown to ten, with more expected" -- The Unix programmers handbook, 1972 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message