Date: Mon, 8 Jul 2002 10:52:14 -0700 (PDT)
From: twig les <twigles@yahoo.com>
To: "Dalin S. Owen" <dowen@nexusxi.com>, Laurence Brockman <laurence@fluxinc.com>
Cc: security@freebsd.org
Subject: Re: hiding OS name
Message-ID: <20020708175214.31781.qmail@web10104.mail.yahoo.com>
In-Reply-To: <20020708111122.A33379@nexusxi.com>

Portsentry may help (/usr/ports/security/portsentry I believe). Won't
hide the OS, but it may shut down scans before they get that far.
<shrug>, never tested it that way.

--- "Dalin S. Owen" <dowen@nexusxi.com> wrote:
>
> A very easy way to fool nmap/queso:
>
> add:
>
> options RANDOM_IP_ID
>
> in your kernel
>
> and then add:
>
> net.inet.ip.ttl=68
>
> to your /etc/sysctl.conf
>
> queso reports a different OS each time, and Nmap has no clue at all.
>
> :)
>
> Oh, one more thing, go into the source for sshd and rip the "FreeBSD"
> from the bannertext and maybe lie about what version of OpenSSH you
> have.
>
> I have found this really effective.
>
> Enjoy.
>
>
> On Mon, Jul 08, 2002 at 08:11:37AM -0600, Laurence Brockman wrote:
> > I think that what the original poster was trying to get at was when
> > being scanned by something like nmap using the OS detection (Or
> > other tools), it would show no OS.
> >
> > This would mean changing the way the networking layer responds to
> > certain packets (ICMP, tcp sequencing, etc) and I'm not sure if
> > there is anything out there for FreeBSD (Never bothered to look).
> >
> > I know there are kernel patches for Linux that actually change the
> > stack to emulate other OS's, thus fooling these OS detection tools.
> >
> > Laurence
> >
> > ----- Original Message -----
> > From: "Darren Pilgrim" <dmp@pantherdragon.org>
> > To: "Asep Ruspeni" <ruspeni@mti.itb.ac.id>
> > Cc: <freebsd-security@FreeBSD.ORG>
> > Sent: Monday, July 08, 2002 2:02 AM
> > Subject: Re: hiding OS name
> >
> >
> > > Asep Ruspeni wrote:
> > > >
> > > > I am a newbie in FreeBSD OS, but I have a lot of concern for
> > > > securing the system.
> > > >
> > > > I have questions like this:
> > > >
> > > > - How can I set up FreeBSD so that when it is being scanned, it
> > > >   shows no operating system name + version?
> > > > - Are there any articles I could read about securing FreeBSD,
> > > >   such as the question I ask above?
> > > >
> > > > Thank you in advance.
> > >
> > > Hiding your OS name and version will do nothing to increase
> > > security, because the majority of people who scan for vulnerable
> > > hosts just do bulk scanning, trying their trick on everything they
> > > find. They know (or just don't care) that you can't reliably
> > > determine the OS without shell access and even then you can be
> > > tricked.
> > >
> > > That said, what you're looking to do is change the banner on the
> > > daemons you're running. How you do this is specific to each
> > > daemon. As usual, RTWP, JTML, RTFM, RTSL, etc.
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
>
> --
> Regards,
>
> Dalin S. Owen
> Nexus XI Corp.
>
> Email: dowen@nexusxi.com
> Web: http://www.nexusxi.com/

=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------
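
Added example, not part of the original message or of any tool named in it: a simplified Python sketch of two signals a stack fingerprint can draw on, the initial-TTL guess and the IP ID sequence class, to show what the quoted RANDOM_IP_ID and net.inet.ip.ttl=68 settings change. The rounding rule, the max_step threshold, the profile table and all sample values are constructed assumptions, not nmap's or queso's logic.

```python
# Simplified illustration only; heuristics and sample data are constructed.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def guess_initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial value."""
    for ttl in COMMON_INITIAL_TTLS:
        if observed_ttl <= ttl:
            return ttl
    raise ValueError("TTL must be in 0..255")

def classify_ip_id(ids, max_step=10):
    """Classify the IP ID field across consecutive replies from one host."""
    # Differences are taken modulo 2**16 so counter wraparound is not misread.
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in deltas):
        return "constant"
    if all(0 < d <= max_step for d in deltas):
        return "incremental"
    return "random"

# Constructed profile table keyed on (initial TTL guess, IP ID class).
PROFILES = {
    (64, "incremental"): "profile-A",
    (128, "incremental"): "profile-B",
}

def fingerprint(observed_ttl, ids):
    key = (guess_initial_ttl(observed_ttl), classify_ip_id(ids))
    return PROFILES.get(key, "unknown")

# Constructed observations. TTL drops by one per hop on the way to the observer.
SEQ_IDS = [1201, 1202, 1203, 1205, 1206]       # global counter, no RANDOM_IP_ID
RAND_IDS = [40211, 1877, 59003, 22416, 9050]   # with RANDOM_IP_ID

def demo():
    return {
        "ttl 64, 6 hops, sequential ids": fingerprint(64 - 6, SEQ_IDS),
        "ttl 68, 2 hops, sequential ids": fingerprint(68 - 2, SEQ_IDS),
        "ttl 68, 6 hops, sequential ids": fingerprint(68 - 6, SEQ_IDS),
        "ttl 68, 6 hops, random ids": fingerprint(68 - 6, RAND_IDS),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Under this rounding rule, a TTL of 68 only shifts the guess for an observer fewer than four hops away; at six hops the result changes only once the IP ID sequence is randomized.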