From: twig les
Date: Mon, 8 Jul 2002 10:52:14 -0700 (PDT)
Subject: Re: hiding OS name
To: "Dalin S. Owen", Laurence Brockman
Cc: security@freebsd.org

Portsentry may help (/usr/ports/security/portsentry I believe). Won't hide the OS, but it may shut down scans before they get that far. , never tested it that way.

--- "Dalin S. Owen" wrote:
>
> A very easy way to fool nmap/queso:
>
> add:
>
> options RANDOM_IP_ID
>
> in your kernel
>
> and then add:
>
> net.inet.ip.ttl=68
>
> to your /etc/sysctl.conf
>
> queso reports a different OS each time, and Nmap has no clue at all.
>
> :)
>
> Oh, one more thing, go in to the source for sshd and rip the "FreeBSD"
> from the bannertext and maybe lie about what version of OpenSSH you have.
>
> I have found this really effective.
>
> Enjoy.
>
> On Mon, Jul 08, 2002 at 08:11:37AM -0600, Laurence Brockman wrote:
> > I think that what the original poster was trying to get at was when being
> > scanned by something like nmap using the OS detection (Or other tools), it
> > would show no OS.
> >
> > This would mean changing the way the networking layer responds to certain
> > packets (ICMP, tcp sequencing, etc) and I'm not sure if there is anything
> > out there for FreeBSD (Never bothered to look).
> >
> > I know there are kernel patches for linux that actually change the stack to
> > emulate other OS's, thus fooling these OS detection tools.
> >
> > Laurence
> >
> > ----- Original Message -----
> > From: "Darren Pilgrim"
> > To: "Asep Ruspeni"
> > Cc:
> > Sent: Monday, July 08, 2002 2:02 AM
> > Subject: Re: hiding OS name
> >
> > > Asep Ruspeni wrote:
> > > >
> > > > I am a newbie in FreeBSD OS, but I have a lot of concern in securing the system.
> > > >
> > > > I have questions like this:
> > > >
> > > > - how can I set up FreeBSD, so when it is being scanned, it shows no operating
> > > > system name + version.
> > > > - are there any articles I could read about securing FreeBSD such as the
> > > > question I ask above.
> > > >
> > > > thank you in advance.
> > >
> > > Hiding your OS name and version will do nothing to increase security,
> > > because the majority of people who scan for vulnerable hosts just do
> > > bulk scanning, trying their trick on everything they find. They know
> > > (or just don't care) that you can't reliably determine the OS without
> > > shell access and even then you can be tricked.
> > >
> > > That said, what you're looking to do is change the banner on the
> > > daemons you're running. How you do this is specific to each daemon.
> > > As usual, RTWP, JTML, RTFM, RTSL, etc.
>
> --
> Regards,
>
> Dalin S. Owen
> Nexus XI Corp.
>
> Email: dowen@nexusxi.com
> Web: http://www.nexusxi.com/

=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
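
The sshd banner point raised in the quoted advice can be checked from the administrator's side. The following is an added example, not part of the thread: it parses SSH identification strings in the `SSH-protoversion-softwareversion SP comments` form (RFC 4253, section 4.2) and lists what each one discloses. The sample banners and the OS keyword list are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

# Assumed keyword list for illustration; extend it for your own hosts.
OS_HINTS = ("freebsd", "openbsd", "netbsd", "debian", "ubuntu", "linux", "sunos")


def parse_ident(line):
    """Split an SSH identification string into its fields, or return None."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return {
        "proto": m["proto"],
        "software": m["software"],
        "comments": m["comments"] or "",
    }


def disclosures(line):
    """Return a sorted list of what the banner reveals to any client."""
    ident = parse_ident(line)
    if ident is None:
        return ["unparseable"]
    found = set()
    text = (ident["software"] + " " + ident["comments"]).lower()
    for hint in OS_HINTS:
        if hint in text:
            found.add("os:" + hint)
    # A dotted version after an underscore, e.g. OpenSSH_3.4p1
    ver = re.search(r"_(\d+(?:\.\d+)+\w*)", ident["software"])
    if ver:
        found.add("version:" + ver.group(1))
    return sorted(found)


# Constructed sample banners, not captured from any real host.
SAMPLES = [
    "SSH-2.0-OpenSSH_3.4p1 FreeBSD-20020702\r\n",
    "SSH-2.0-OpenSSH_3.4p1\r\n",
    "SSH-2.0-OpenSSH\r\n",
]


def audit(samples=SAMPLES):
    """Map each banner to the list of details it discloses."""
    return {s.strip(): disclosures(s) for s in samples}


if __name__ == "__main__":
    for banner, leaks in audit().items():
        print(f"{banner!r}: {', '.join(leaks) or 'nothing beyond protocol'}")
```
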