Date: Sun, 7 Jul 2002 21:29:42 -0700 From: Nathan Kinkade <nkinkade@dsl-only.com> To: "Asep Ruspeni" <ruspeni@mti.itb.ac.id> Cc: freebsd-security@FreeBSD.ORG Subject: Re: hiding OS name Message-ID: <20020707212942.027efd2e.nkinkade@dsl-only.com> In-Reply-To: <006601c22627$a9199000$21020a0a@mti.itb.ac.id> References: <006601c22627$a9199000$21020a0a@mti.itb.ac.id>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 8 Jul 2002 09:32:09 +0700 "Asep Ruspeni" <ruspeni@mti.itb.ac.id> wrote: > I am newbie in FreeBSD OS, but i have lot of concerned in securing > system. > > I have questions like this : > > - how can i set-up FreeBSD, so when it being scanned, it's show no > operating system name + version. > - is there any articles i colud read about securing freeBSD such as > the question i ask above. > > thank you in advance. What you are looking for is not really a function of FreeBSD, but rather of the various servers you may be running on FreeBSD such as Apache, FTP, Sendmail, and so on. If it's going to happen it will probably be something that you configure the daemon to do, however I don't know which allow you to do something similar other than wu-ftpd, although I'd guess there are others. Network scanning utilities - I'm thinking of nmap in particular - allow you to scan a host(s) and attempt to determine the OS/version based on certain peculiarities in the response(s). One way to help minimize the impact of this would be to set the net.inet.tcp.blackhole and net.inet.udp.blackhole kernel parameters using the sysctl utility. For more information on this checkout the "blackhole(4)" manpage with `man 4 blackhole`. Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020707212942.027efd2e.nkinkade>