Date: Mon, 8 Jul 2002 20:05:51 +0800
From: S H A N
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: hiding OS name
Message-ID: <20020708120551.GA4979@singapura.singnet.com.sg>
References: <006601c22627$a9199000$21020a0a@mti.itb.ac.id> <002301c22649$b671bad0$d4e18aca@melsa.net.id>
In-Reply-To: <002301c22649$b671bad0$d4e18aca@melsa.net.id>
Sender: owner-freebsd-questions@FreeBSD.ORG

hi,

you never mentioned that icmp has to be blocked as well bcuz the TTL can be
expressed to find out the OS as well unless you have better suggestions because
blocking ICMP aint dat cool to me.

my 2 cents worth.

On Mon, Jul 08, 2002 at 01:35:53PM +0700, Eko Suwarsono wrote:
> There are several methods for hiding your OS name/version or making a network
> scanner like nmap try harder to finish its job.
> 1. You can use "iplog" (from ports, in /usr/ports/net/iplog) to fool a
>    portscanner's guess about the OS specification.
> 2. Use ipfw with a "Default To deny" policy, which closes all unusable
>    ports.
> 3. Change your sysctl "blackhole" parameters:
>      sysctl -w net.inet.tcp.blackhole=2
>      sysctl -w net.inet.udp.blackhole=1
> 4. Insert an option,
>      options TCP_DROP_SYNFIN   # read in /usr/src/sys/i386/conf/LINT
>    in your kernel configuration and recompile the kernel, but this method
>    is not recommended if you are running a webserver.
>
> The first article/document you must read is FreeBSD's handbook; you can read
> it at http://www.freebsd.org or go straight to the security chapter at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html.
> A nice article about security can be found at:
> http://www.defcon1.org/html/freebsd_security.html
> http://www.onlamp.com/pub/a/bsd/2001/02/07/FreeBSD_Basics.html?page=1
> or...http://www.google.com..:)
>
> eko suwarsono
> -----------------------------------------
> use perl;
> program fulfillment
> ----- Original Message -----
> From: "Asep Ruspeni"
> To:
> Sent: Monday, July 08, 2002 9:32 AM
> Subject: hiding OS name
>
> > I am a newbie to the FreeBSD OS, but I have a lot of concern for securing
> > the system.
> >
> > I have questions like this:
> >
> > - How can I set up FreeBSD so that, when it is being scanned, it shows no
> >   operating system name + version?
> > - Are there any articles I could read about securing FreeBSD, such as for
> >   the question I asked above?
> >
> > thank you in advance.
> >
> > -asep-
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
S H A N
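
The "sysctl -w" commands in step 3 of the quoted message change only the running kernel; a value that is not also set in /etc/sysctl.conf is lost at the next reboot. The script below is an added example, not part of the original thread: it checks both places against the thread's two values, and its sample "sysctl" output and sysctl.conf text are constructed.

```shell
#!/bin/sh
# Added example: audit the blackhole settings recommended in the thread.
# Target values come from step 3 of the quoted message.
WANTED="net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1"

# Value of key $1 in `sysctl` output ("name: value" lines) read from stdin.
running_value() {
    awk -v k="$1" -F': *' '$1 == k { v = $2 } END { print v }'
}

# Value of key $1 in sysctl.conf text read from stdin.
# Comments are stripped; the last assignment of a key wins.
conf_value() {
    sed -e 's/#.*//' | awk -v k="$1" -F'=' '
        NF >= 2 { key = $1; val = $2
                  gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
                  if (key == k) v = val }
        END { print v }'
}

# audit RUNNING_FILE CONF_FILE -> one status line per setting
audit() {
    for pair in $WANTED; do
        key=${pair%%=*}
        want=${pair#*=}
        run=$(running_value "$key" < "$1")
        conf=$(conf_value "$key" < "$2")
        if [ "$run" = "$want" ] && [ "$conf" = "$want" ]; then
            state=OK
        elif [ "$run" = "$want" ]; then
            state=RUNTIME-ONLY      # set with sysctl -w, gone after reboot
        elif [ "$conf" = "$want" ]; then
            state=PERSIST-ONLY      # in the file, not applied to this boot
        else
            state=MISSING
        fi
        echo "$state $key running=${run:-unset} conf=${conf:-unset}"
    done
}

# Constructed sample input standing in for a real host:
#   running = output of `sysctl net.inet.tcp.blackhole net.inet.udp.blackhole`
#   conf    = contents of /etc/sysctl.conf
tmp=$(mktemp -d)
printf 'net.inet.tcp.blackhole: 2\nnet.inet.udp.blackhole: 0\n' > "$tmp/running"
printf '# hardening\nnet.inet.tcp.blackhole=1 # old value\nnet.inet.udp.blackhole=1\n' > "$tmp/conf"
audit "$tmp/running" "$tmp/conf"
rm -rf "$tmp"
```

On a real host, write the output of "sysctl net.inet.tcp.blackhole net.inet.udp.blackhole" to a file and pass it together with /etc/sysctl.conf to audit.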