Date: Mon, 8 Jul 2002 21:37:26 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Klaus Steden <klaus@compt.com>
Cc: twig les <twigles@yahoo.com>, "Dalin S. Owen" <dowen@nexusxi.com>, Laurence Brockman <laurence@fluxinc.com>, security@FreeBSD.ORG
Subject: Re: hiding OS name
Message-ID: <20020708183726.GA363@straylight.oblivion.bg>
In-Reply-To: <20020708141342.G13139@cthulu.compt.com>
References: <20020708111122.A33379@nexusxi.com> <20020708175214.31781.qmail@web10104.mail.yahoo.com> <20020708141342.G13139@cthulu.compt.com>

On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote:
> > Portsentry may help (/usr/ports/security/portsentry I
> > believe).  Won't hide the OS, but it may shut down
> > scans before they get that far.  <shrug>, never tested
> > it that way.
> >
> A friend of mine runs portsentry configured to blackhole every IP that
> attempts to connect to a port where no server is running (in conjunction with
> a strict firewall); that can be done in FreeBSD without using portsentry, via
> the blackhole sysctl MIBs. See blackhole(4).
>
> It's not a bad means to keep people out of your machines.

I know I'm going to regret posting in this thread, but so be it :)

Does your friend know that, unlikely as it is made by modern ingress
and egress routing practices, IP spoofing is still not quite ruled out?
Will your friend's portsentry setup happily blackhole e.g. his ISP's
nameserver, or the root nameservers, or www.cnn.com's IP addresses,
simply because somebody found a way to send a TCP SYN packet with
a forged source address to e.g. your friend's machine's port 3? :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
Do you think anybody has ever had *precisely this thought* before?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020708183726.GA363>
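
The failure mode raised in this message, as an added example that is not part of the original e-mail or of portsentry: a blocker that trusts the source address of a lone SYN, next to one that refuses to block a protected set and lets blocks expire. The event data, the PROTECTED list, the function names and the TTL are all constructed assumptions.

```python
import ipaddress

# Constructed events: (time in seconds, claimed source address, destination port).
# The source field of a single SYN is unauthenticated, so any of these may be forged.
EVENTS = [
    (0, "203.0.113.50", 3),     # scanner probing a closed port
    (5, "192.0.2.53", 3),       # claims to be the site's DNS resolver
    (6, "198.51.100.1", 3),     # claims to be the upstream gateway
    (10, "203.0.113.77", 111),  # second scanner
    (12, "203.0.113.50", 22),   # open port, never a trigger
]
OPEN_PORTS = {22, 80}
# Hypothetical set of addresses the host cannot afford to blackhole.
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "198.51.100.0/30")]


def naive_blocklist(events, open_ports):
    """Blackhole every claimed source that touches a closed port, forever."""
    return {src for _, src, port in events if port not in open_ports}


def guarded_blocklist(events, open_ports, protected, now, ttl=3600):
    """Return (active blocks at time `now`, protected sources refused).

    Protected addresses are reported for review instead of being blocked,
    and every block expires `ttl` seconds after the last trigger, so a
    block caused by a forged packet does not persist indefinitely.
    """
    expiry, refused = {}, set()
    for ts, src, port in events:
        if port in open_ports:
            continue
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in protected):
            refused.add(src)
            continue
        expiry[src] = ts + ttl
    active = {src for src, exp in expiry.items() if exp > now}
    return active, refused


if __name__ == "__main__":
    print("naive  :", sorted(naive_blocklist(EVENTS, OPEN_PORTS)))
    print("guarded:", guarded_blocklist(EVENTS, OPEN_PORTS, PROTECTED, now=20))
```

The guarded version limits the damage of a forged source address; it cannot tell a forged SYN from a genuine one, which is the limitation the message points out.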
