Date:      Tue, 19 Apr 2005 13:47:57 +0200 (CEST)
From:      Michal 'max' Marciniak <max@felix.fizyka.amu.edu.pl>
To:        freebsd-stable@freebsd.org
Subject:   Re: FreeBSD and NMAP
Message-ID:  <Pine.NEB.4.62.0504191340230.16565@felix.fizyka.amu.edu.pl>
In-Reply-To: <f0f70e5e050419043335bb87ba@mail.gmail.com>
References:  <f0f70e5e0504190411241c2433@mail.gmail.com>  <f0f70e5e050419043335bb87ba@mail.gmail.com>

On Tue, 19 Apr 2005, peceka wrote:

>> > How can i hide from nmap that my OS is FreeBSD? Is this possible?
>>
>> # sysctl -ad | grep random_id
>> net.inet.ip.random_id: Assign random ip_id values
>> # echo 'net.inet.ip.random_id=1' >> /etc/sysctl.conf
>
>After that:
>Interesting ports on 192.168.1.248:
>(The 1643 ports scanned but not shown below are in state: closed)
>Port       State       Service
>22/tcp     open        ssh
>Device type: general purpose
>Running (JUST GUESSING) : FreeBSD 5.X|4.X (95%), Apple Mac OS X 10.1.X
>(88%), OpenBSD 3.X|2.X (88%), Apple Mac OS 8.X (85%)
>Aggressive OS guesses: FreeBSD 5.0-RELEASE (95%), Apple Mac OS X
>10.1.5 (88%), FreeBSD 4.3 - 4.4PRERELEASE (88%), FreeBSD 5.0-RELEASE
>(x86) (88%), FreeBSD 5.1-CURRENT (June 2003) on Sparc64 (88%), OpenBSD
>3.0 or 3.3 (88%), Apple Mac OS X 10.1.4 (Darwin Kernel 5.4) on iMac
>(86%), FreeBSD 4.5-RELEASE (or -STABLE) through 4.6-RC (X86) (86%),
>FreeBSD 4.7-RELEASE (86%), FreeBSD 5.0-RELEASE or -CURRENT (Jan 2003)
>(86%)
>No exact OS matches for host (test conditions non-ideal).
>Uptime 0.003 days (since Tue Apr 19 13:22:41 2005)
>
>So it didn't help much...
>

So, try this:

block in log quick proto tcp flags FUP/WEUAPRSF
block in log quick proto tcp flags WEUAPRSF/WEUAPRSF
block in log quick proto tcp flags SRAFU/WEUAPRSF
block in log quick proto tcp flags /WEUAPRSF
block in log quick proto tcp flags SR/SR
block in log quick proto tcp flags SF/SF

(in pf.conf)


--
Michał 'max' Marciniak
felix.fizyka.amu.edu.pl
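
An added example, not part of the original message: a small Python model of how pf evaluates `flags <set>/<mask>`, run over constructed TCP flag combinations to show which of the six rules above matches each one and that ordinary handshake, data and ECN-setup segments are left alone. The function names and the sample set are assumptions made for this illustration.

```python
# Added illustration: models pf's "flags <set>/<mask>" test on the TCP flags byte.
# A rule matches when (segment_flags & mask) == set; an empty set means
# "none of the flags in the mask may be set".
PF_FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
                "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

# Flag specifications of the six pf.conf rules from the message, in rule order.
RULE_SPECS = ["FUP/WEUAPRSF", "WEUAPRSF/WEUAPRSF", "SRAFU/WEUAPRSF",
              "/WEUAPRSF", "SR/SR", "SF/SF"]

def letters_to_bits(letters):
    """Convert pf flag letters (e.g. 'SA') to the TCP flags byte."""
    bits = 0
    for ch in letters:
        bits |= PF_FLAG_BITS[ch]
    return bits

def parse_spec(spec):
    """Split 'set/mask' into two bitmasks."""
    want, _, mask = spec.partition("/")
    return letters_to_bits(want), letters_to_bits(mask)

def first_match(tcp_flags):
    """Return the first rule spec that matches (all rules are 'quick'), or None."""
    for spec in RULE_SPECS:
        want, mask = parse_spec(spec)
        if (tcp_flags & mask) == want:
            return spec
    return None

# Constructed sample segments: name -> flags set on the segment.
SAMPLES = {
    "SYN": "S", "SYN+ACK": "SA", "ACK": "A", "PSH+ACK": "PA",
    "FIN+ACK": "FA", "RST": "R", "ECN-setup SYN": "SEW",
    "no flags": "", "FIN+URG+PSH": "FUP", "SYN+FIN": "SF",
    "SYN+RST": "SR", "SYN+RST+ACK+FIN+URG": "SRAFU", "all flags": "FSRPAUEW",
}

def classify_samples():
    """Map each sample name to the rule spec that blocks it, or None."""
    return {name: first_match(letters_to_bits(f)) for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, rule in classify_samples().items():
        verdict = f"blocked by flags {rule}" if rule else "not matched"
        print(f"{name:22} -> {verdict}")
```

The first four rules compare the whole flags byte, so each matches exactly one combination; `SR/SR` and `SF/SF` look only at two bits and match whatever else is set.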


