Date: Fri, 6 Jul 2001 20:09:10 -0500 (PDT)
From: appleseed@hushmail.com
To: security@freebsd.org
Cc: avalon@coombs.anu.edu.au
Subject: Re: Hiding Versions
Message-ID: <200107070319.UAA11446@user7.hushmail.com>

> wrong.

Okay, I'm running a gateway A. A receives packets incoming on the internet interface to port 80 and forwards the request on the condition that it's a proper SYN packet with keep-state enabled disallowing fragmentation etc. Verified, the data is forwarded via NAT to the internal machine B at port X assumed to be an integer greater than maximum privilege port and less than maximum allowed TCP port.

    -- request --> [ A:80 .nat.->] ---> [B:X .httpd.]

B's firewall rules verify what the router already knows and sends back the proper packet.

I've never had nmap verify the OS of a system based on this setup. Ever.

With all due respect, prove me wrong.

northern_

P.S. I was hoping you would respond the way u did, since, if u did not we both know I wouldn't be using ipf anymore ;-)