Date: Tue, 19 Apr 2005 13:47:57 +0200 (CEST) From: Michal 'max' Marciniak <max@felix.fizyka.amu.edu.pl> To: freebsd-stable@freebsd.org Subject: Re: FreeBSD and NMAP Message-ID: <Pine.NEB.4.62.0504191340230.16565@felix.fizyka.amu.edu.pl> In-Reply-To: <f0f70e5e050419043335bb87ba@mail.gmail.com> References: <f0f70e5e0504190411241c2433@mail.gmail.com> <f0f70e5e050419043335bb87ba@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 19 Apr 2005, peceka wrote: >> > How can i hide from nmap that my OS is FreeBSD? Is this possible? >> >> # sysctl -ad | grep random_id >> net.inet.ip.random_id: Assign random ip_id values >> # echo 'net.inet.ip.random_id=3D1' >> /etc/sysctl.conf > >After that: >Interesting ports on 192.168.1.248: >(The 1643 ports scanned but not shown below are in state: closed) >Port State Service >22/tcp open ssh >Device type: general purpose >Running (JUST GUESSING) : FreeBSD 5.X|4.X (95%), Apple Mac OS X 10.1.X >(88%), OpenBSD 3.X|2.X (88%), Apple Mac OS 8.X (85%) >Aggressive OS guesses: FreeBSD 5.0-RELEASE (95%), Apple Mac OS X >10.1.5 (88%), FreeBSD 4.3 - 4.4PRERELEASE (88%), FreeBSD 5.0-RELEASE >(x86) (88%), FreeBSD 5.1-CURRENT (June 2003) on Sparc64 (88%), OpenBSD >3.0 or 3.3 (88%), Apple Mac OS X 10.1.4 (Darwin Kernel 5.4) on iMac >(86%), FreeBSD 4.5-RELEASE (or -STABLE) through 4.6-RC (X86) (86%), >FreeBSD 4.7-RELEASE (86%), FreeBSD 5.0-RELEASE or -CURRENT (Jan 2003) >(86%) >No exact OS matches for host (test conditions non-ideal). >Uptime 0.003 days (since Tue Apr 19 13:22:41 2005) > >So it didn't help much... > So, try this: block in log quick proto tcp flags FUP/WEUAPRSF block in log quick proto tcp flags WEUAPRSF/WEUAPRSF block in log quick proto tcp flags SRAFU/WEUAPRSF block in log quick proto tcp flags /WEUAPRSF block in log quick proto tcp flags SR/SR block in log quick proto tcp flags SF/SF (in pf.conf) -- Micha=B3 'max' Marciniak felix.fizyka.amu.edu.pl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.4.62.0504191340230.16565>