From: "Dalin S. Owen"
To: Laurence Brockman
Cc: security@freebsd.org
Subject: Re: hiding OS name
Date: Mon, 8 Jul 2002 11:11:22 -0600
Message-ID: <20020708111122.A33379@nexusxi.com>

A very easy way to fool nmap/queso:

add:

options RANDOM_IP_ID

in your kernel

and then add:

net.inet.ip.ttl=68

to your /etc/sysctl.conf

queso reports a different OS each time, and Nmap has no clue at all. :)

Oh, one more thing, go in to the source for sshd and rip the "FreeBSD" from
the banner text and maybe lie about what version of OpenSSH you have.

I have found this really effective. Enjoy.

On Mon, Jul 08, 2002 at 08:11:37AM -0600, Laurence Brockman wrote:
> I think that what the original poster was trying to get at was when being
> scanned by something like nmap using the OS detection (Or other tools), it
> would show no OS.
>
> This would mean changing the way the networking layer responds to certain
> packets (ICMP, tcp sequencing, etc) and I'm not sure if there is anything
> out there for FreeBSD (Never bothered to look).
>
> I know there are kernel patches for linux that actually change the stack to
> emulate other OS's, thus fooling these OS detection tools.
>
> Laurence
>
> ----- Original Message -----
> From: "Darren Pilgrim"
> To: "Asep Ruspeni"
> Cc:
> Sent: Monday, July 08, 2002 2:02 AM
> Subject: Re: hiding OS name
>
>
> > Asep Ruspeni wrote:
> > >
> > > I am newbie in FreeBSD OS, but i have lot of concerned in securing
> > > system.
> > >
> > > I have questions like this :
> > >
> > > - how can i set-up FreeBSD, so when it being scanned, it's show no
> > > operating system name + version.
> > > - is there any articles i could read about securing freeBSD such as the
> > > question i ask above.
> > >
> > > thank you in advance.
> >
> > Hiding your OS name and version will do nothing to increase security,
> > because the majority of people who scan for vulnerable hosts just do
> > bulk scanning, trying their trick on everything they find. They know
> > (or just don't care) that you can't reliably determine the OS without
> > shell access and even then you can be tricked.
> >
> > That said, what you're looking to do is change the banner on the
> > daemons you're running. How you do this is specific to each daemon.
> > As usual, RTWP, JTML, RTFM, RTSL, etc.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message

--
Regards,

Dalin S. Owen
Nexus XI Corp.
Email: dowen@nexusxi.com
Web: http://www.nexusxi.com/
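
A way to check, on a host you administer, what the two settings discussed in the reply above still disclose; this is an added example and not part of the original thread. The function names, the OS token list, the assumption that 64 is the stock FreeBSD TTL, and the sample inputs are all constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Inputs below are constructed samples.

# Print the last value assigned to sysctl name $1 in sysctl.conf-style text
# read from stdin; comments and whitespace are ignored.
sysctl_conf_value() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        awk -F= -v n="$1" '$1 == n { v = $2 } END { if (v != "") print v }'
}

# Classify the net.inet.ip.ttl setting found on stdin.
# Assumption: 64 is the stock FreeBSD default TTL.
ttl_status() {
    ttl=$(sysctl_conf_value net.inet.ip.ttl)
    case $ttl in
        '')       echo "unset" ;;
        *[!0-9]*) echo "invalid" ;;
        64)       echo "default" ;;
        *)        echo "custom:$ttl" ;;
    esac
}

# Print each OS name disclosed by an SSH identification string
# ("SSH-protoversion-softwareversion SP comments", RFC 4253 section 4.2).
# The token list is illustrative, not exhaustive.
banner_os_leak() {
    banner=$(printf '%s' "$1" | tr -d '\r\n')
    case $banner in
        SSH-*-*) ;;
        *) echo "not-ssh"; return 1 ;;
    esac
    rest=$(printf '%s' "${banner#SSH-*-}" | tr '[:upper:]' '[:lower:]')
    for os in freebsd openbsd netbsd debian ubuntu; do
        case $rest in *"$os"*) echo "$os" ;; esac
    done
}

# Demo on constructed inputs: sysctl.conf after the change, sshd banner before it.
printf 'sysctl.conf TTL: %s\n' "$(printf 'net.inet.ip.ttl=68\n' | ttl_status)"
printf 'banner leaks:    %s\n' "$(banner_os_leak 'SSH-2.0-OpenSSH_3.4p1 FreeBSD-20020702')"
```

On a live system, pipe the contents of /etc/sysctl.conf into `ttl_status` and pass `banner_os_leak` the first line your own sshd sends on connect.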