Date: Mon, 8 Jul 2002 11:11:22 -0600 From: "Dalin S. Owen" <dowen@nexusxi.com> To: Laurence Brockman <laurence@fluxinc.com> Cc: security@freebsd.org Subject: Re: hiding OS name Message-ID: <20020708111122.A33379@nexusxi.com> In-Reply-To: <001201c22689$6049a790$140115ac@BCDOMAIN01.COM>; from laurence@fluxinc.com on Mon, Jul 08, 2002 at 08:11:37AM -0600 References: <006601c22627$a9199000$21020a0a@mti.itb.ac.id> <3D294723.7022CD07@pantherdragon.org> <001201c22689$6049a790$140115ac@BCDOMAIN01.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
A very easy way to fool nmap/queso: add: options RANDOM_IP_ID in your kernel and then add: net.inet.ip.ttl=68 to your /etc/sysctl.conf queso reports a differnt OS each time, and Nmap has no clue at all. :) Oh, one more thing, go in to the source for sshd and rip the "FreeBSD" from the bannertext and maybe lie about what version of OpenSSH you have. I have found this really effective. Enjoy. On Mon, Jul 08, 2002 at 08:11:37AM -0600, Laurence Brockman wrote: > I think that what the original poster was trying to get at was when being > scanned by something like nmap using the OS detection (Or other tools), it > would show no OS. > > This would mean changing the way the networking layer responds to certain > packets (ICMP, tcp sequencing, etc) and I'm not sure if there is anything > out there for FreeBSD (Never bothered to look). > > I know there are kernel patches for linux that actually change the stack to > emulate other OS's, thus fooling these OS detection tools. > > Laurence > > ----- Original Message ----- > From: "Darren Pilgrim" <dmp@pantherdragon.org> > To: "Asep Ruspeni" <ruspeni@mti.itb.ac.id> > Cc: <freebsd-security@FreeBSD.ORG> > Sent: Monday, July 08, 2002 2:02 AM > Subject: Re: hiding OS name > > > > Asep Ruspeni wrote: > > > > > > I am newbie in FreeBSD OS, but i have lot of concerned in securing > system. > > > > > > I have questions like this : > > > > > > - how can i set-up FreeBSD, so when it being scanned, it's show no > operating > > > system name + version. > > > - is there any articles i colud read about securing freeBSD such as the > > > question i ask above. > > > > > > thank you in advance. > > > > Hiding your OS name and version will do nothing to increase security, > > because the majority of people who scan for vulnerable hosts just do > > bulk scanning, trying their trick on everything they find. They know > > (or just don't care) that you can't reliably determine the OS without > > shell access and even then you can be tricked. > > > > That said, what you're looking to do is change the banner on the > > daemons you're running. How you do this is specific to each daemon. > > As usual, RTWP, JTML, RTFM, RTSL, etc. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Regards, Dalin S. Owen Nexus XI Corp. Email: dowen@nexusxi.com Web: http://www.nexusxi.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020708111122.A33379>