From: Edwin Brown
To: Damian Gerow
Cc: freebsd-stable@freebsd.org
Date: Wed, 20 Apr 2005 08:21:17 -0400
Subject: Re: FreeBSD and NMAP
Message-ID: <8b6eae9605042005216de3f857@mail.gmail.com>
In-Reply-To: <20050419185353.GB770@afflictions.org>

You could also just enable pf and have one scrub rule.

/etc/rc.conf

pf_enable="YES"                  # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"          # rules definition file for pf
pf_program="/sbin/pfctl"         # where the pfctl program lives
pf_flags=""                      # additional flags for pfctl
pflog_enable="YES"               # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog"   # where pflogd should store the logfile
pflog_program="/sbin/pflogd"     # where the pflogd program lives
pflog_flags=""                   # additional flags for pflogd
----------------------------------------------------------------------
/etc/pf.conf

scrub all no-df random-id reassemble tcp
----------------------------------------------------------------------

Best regards,
Edwin

On 4/19/05, Damian Gerow wrote:
> Thus spake Dominic Marks (dom@helenmarks.co.uk) [19/04/05 07:18]:
> : On Tuesday 19 April 2005 12:11, pck wrote:
> : > Hi,
> : >
> : > How can I hide from nmap that my OS is FreeBSD? Is this possible?
> :
> : # sysctl -ad | grep random_id
> : net.inet.ip.random_id: Assign random ip_id values
> : # echo 'net.inet.ip.random_id=1' >> /etc/sysctl.conf
>
> That doesn't hide the OS.  That just makes the IP ID field random.
>
> One way to help:
>
>     echo 'net.inet.tcp.drop_synfin=1' >> /etc/sysctl.conf
>
> (Note that you need the "options TCP_DROP_SYNFIN" line in your kernel
> config.)
>
> Other than that... randomize the packet fingerprint data.  I know there's
> been at least one daemon that did this on Linux, as well as a kernel patch
> that did the same.  But I'd ask: why?  You're doing a significant amount of
> work for very little in return.
>
>   - Damian
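An added example, not part of the original messages or of FreeBSD: an sh script that checks copies of the three files named in this thread for pf_enable, the two sysctl settings and the scrub options. The function names and report wording are this example's own, and it reads persisted configuration only, so it cannot tell whether the kernel was built with TCP_DROP_SYNFIN.

```shell
#!/bin/sh
# Added example: offline audit of the settings named in this thread.

# conf_value FILE KEY: value of the last active KEY=value line in an
# rc.conf/sysctl.conf style file, minus quotes and any trailing comment.
conf_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            sub(/[ \t]*#.*$/, "", v)
            sub(/^[ \t"]+/, "", v); sub(/[ \t"]+$/, "", v)
            val = v
        }
        END { print val }
    ' "$1"
}

# pf_scrub_rule FILE: the first active scrub rule, whitespace normalised.
pf_scrub_rule() {
    awk '{ sub(/#.*$/, ""); $1 = $1 } $1 == "scrub" { print; exit }' "$1"
}

# audit RC_CONF SYSCTL_CONF PF_CONF: print what is missing; the return
# status is the number of findings (0 = every setting present).
audit() {
    n=0
    miss() { echo "missing: $1"; n=$((n + 1)); }
    case $(conf_value "$1" pf_enable) in
        [Yy][Ee][Ss]) ;;
        *) miss "pf_enable=\"YES\" in $1" ;;
    esac
    for key in net.inet.ip.random_id net.inet.tcp.drop_synfin; do
        [ "$(conf_value "$2" "$key")" = 1 ] || miss "$key=1 in $2"
    done
    rule=$(pf_scrub_rule "$3")
    for opt in no-df random-id "reassemble tcp"; do
        case " $rule " in
            *" $opt "*) ;;
            *) miss "scrub option '$opt' in $3" ;;
        esac
    done
    return "$n"
}
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

Run it as `sh audit.sh /etc/rc.conf /etc/sysctl.conf /etc/pf.conf` (the script name is arbitrary); the two approaches in the thread are alternatives, so a finding for one of them is informational rather than an error.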