Date: Tue, 9 Jul 2002 15:52:14 +0200 From: Alex <freebsd-reply@akruijff.dds.nl> Cc: security@FreeBSD.ORG Subject: Re[2]: hiding OS name Message-ID: <5616647177.20020709155214@dds.nl> In-Reply-To: <20020708231809505.AAA981@empty1.ekahuna.com@pc02.ekahuna.com> References: <20020708231809505.AAA981@empty1.ekahuna.com@pc02.ekahuna.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello/Beste Philip, Tuesday, July 09, 2002, 1:18:08 AM, you wrote: >> Date: Sun, 7 Jul 2002 21:29:42 -0700 >> From: Nathan Kinkade <nkinkade@dsl-only.com> >> >> On Mon, 8 Jul 2002 09:32:09 +0700 >> "Asep Ruspeni" <ruspeni@mti.itb.ac.id> wrote: >> >> > I am newbie in FreeBSD OS, but i have lot of concerned in securing >> > system. >> > >> > I have questions like this : >> > >> > - how can i set-up FreeBSD, so when it being scanned, it's show no >> > operating system name + version. >> > - is there any articles i colud read about securing freeBSD such as >> > the question i ask above. >> > >> > thank you in advance. >> >> What you are looking for is not really a function of FreeBSD, but rather >> of the various servers you may be running on FreeBSD such as Apache, >> FTP, Sendmail, and so on. If it's going to happen it will probably be >> something that you configure the daemon to do, however I don't know >> which allow you to do something similar other than wu-ftpd, although I'd >> guess there are others. Network scanning utilities - I'm thinking of >> nmap in particular - allow you to scan a host(s) and attempt to >> determine the OS/version based on certain peculiarities in the >> response(s). One way to help minimize the impact of this would be to >> set the net.inet.tcp.blackhole and net.inet.udp.blackhole kernel >> parameters using the sysctl utility. For more information on this >> checkout the "blackhole(4)" manpage with `man 4 blackhole`. >> >> Nathan PJK> Another option is to put the box behind a firewall. Very often if PJK> something like nmap is looking for peculiarities in the IP stack PJK> implementation to ascertain what OS is on a box, if there is a PJK> firewall in front of it it will be id'ing the firewall's IP PJK> implementation rather than the target host's. You can have openBSD on that system to look very very secure. -- Best regards/Met vriendelijke groet, Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5616647177.20020709155214>