From owner-freebsd-security Mon Jul 8 7:34:25 2002
From: "Ramsey G. Brenner"
To: "Laurence Brockman"
Cc: freebsd-security@freebsd.org
Subject: Re: hiding OS name
Date: Mon, 8 Jul 2002 08:34:53 -0600
Message-Id: <200207080834.53431.rgbrenner@myrealbox.com>
In-Reply-To: <001201c22689$6049a790$140115ac@BCDOMAIN01.COM>

From /sys/i386/conf/LINT

#
# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
# for RFC1644 extensions and is not recommended for web servers.
#
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN

Also don't forget to add tcp_drop_synfin="YES" to /etc/rc.conf

-- 
----------
Ramsey G. Brenner
rgbrenner@myrealbox.com
http://rgbrenner.cjb.net/

On Monday 08 July 2002 08:11 am, Laurence Brockman wrote:
> I think that what the original poster was trying to get at was when being
> scanned by something like nmap using the OS detection (or other tools), it
> would show no OS.
>
> This would mean changing the way the networking layer responds to certain
> packets (ICMP, TCP sequencing, etc.) and I'm not sure if there is anything
> out there for FreeBSD (never bothered to look).
>
> I know there are kernel patches for Linux that actually change the stack to
> emulate other OS's, thus fooling these OS detection tools.
>
> Laurence
>
> ----- Original Message -----
> From: "Darren Pilgrim"
> To: "Asep Ruspeni"
> Cc:
> Sent: Monday, July 08, 2002 2:02 AM
> Subject: Re: hiding OS name
>
> > Asep Ruspeni wrote:
> > > I am a newbie in FreeBSD OS, but I have a lot of concern in securing
> > > the system.
> > >
> > > I have questions like this:
> > >
> > > - How can I set up FreeBSD so that when it is being scanned, it shows
> > >   no operating system name + version?
> > > - Are there any articles I could read about securing FreeBSD, such as
> > >   the question I ask above?
> > >
> > > Thank you in advance.
> >
> > Hiding your OS name and version will do nothing to increase security,
> > because the majority of people who scan for vulnerable hosts just do
> > bulk scanning, trying their trick on everything they find. They know
> > (or just don't care) that you can't reliably determine the OS without
> > shell access and even then you can be tricked.
> >
> > That said, what you're looking to do is change the banner on the
> > daemons you're running. How you do this is specific to each daemon.
> > As usual, RTWP, JTML, RTFM, RTSL, etc.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
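
Added example, not part of the original message and not FreeBSD kernel code: a simplified user-space model of the decision the LINT comment describes, applied to constructed TCP headers. The function names, the verdict enum and the sample flag bytes are assumptions made for illustration; the last sample shows why the comment warns about RFC1644, which carries SYN and FIN in one segment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits, byte 13 of the TCP header (RFC 793). */
#define F_FIN 0x01
#define F_SYN 0x02
#define F_PSH 0x08
#define F_ACK 0x10

enum verdict { V_PASS, V_DROP_SYNFIN, V_MALFORMED };

/* Classify one raw TCP header. drop_synfin models the tcp_drop_synfin
 * setting from the message above (1 = enabled). Hypothetical helper. */
enum verdict classify_tcp(const uint8_t *hdr, size_t len, int drop_synfin)
{
    if (hdr == NULL || len < 20)
        return V_MALFORMED;                   /* shorter than a minimal header */
    size_t hlen = (size_t)(hdr[12] >> 4) * 4; /* data offset, in bytes */
    if (hlen < 20 || hlen > len)
        return V_MALFORMED;
    uint8_t flags = hdr[13];
    if (drop_synfin && (flags & (F_SYN | F_FIN)) == (F_SYN | F_FIN))
        return V_DROP_SYNFIN;                 /* both bits set, whatever else is */
    return V_PASS;
}

/* Constructed sample flag bytes (not captured traffic). */
static const uint8_t samples[] = {
    F_SYN,                 /* ordinary connection request */
    F_FIN | F_ACK,         /* ordinary close */
    F_SYN | F_FIN,         /* the combination the option ignores */
    F_SYN | F_FIN | F_PSH, /* RFC 1644 style open, data and close in one segment */
};

/* Count how many samples would be dropped under the given setting. */
int count_dropped(int drop_synfin)
{
    int n = 0;
    for (size_t i = 0; i < sizeof samples; i++) {
        uint8_t h[20];
        memset(h, 0, sizeof h);
        h[12] = 5 << 4;                       /* data offset = 5 words = 20 bytes */
        h[13] = samples[i];
        if (classify_tcp(h, sizeof h, drop_synfin) == V_DROP_SYNFIN)
            n++;
    }
    return n;
}

int main(void)
{
    printf("dropped with option on: %d, off: %d\n", count_dropped(1), count_dropped(0));
    return 0;
}
```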