Re: How can I erase my fingertips .

From: Moti Levy (moti@flncs.com)
Date: 03/28/02


From: "Moti Levy" <moti@flncs.com>
To: <freebsd-security@freebsd.org>
Date: Thu, 28 Mar 2002 17:37:17 -0500

Cooooool
thanks Bjoern Engels
Before :
No exact OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA31%P=i386-portbld-freebsd4.5%D=3/28%Time=3CA38B56%O=22%C=1)
TSeq(Class=TR%IPID=I%TS=100HZ)

After :
options RANDOM_IP_ID
and sysctl net.inet.ip.ttl=68 instead of 64
Remote operating system guess: AIX 4.3.2.0-4.3.3.0 on an IBM RS/*
Uptime 0.003 days (since Thu Mar 28 17:25:37 2002)
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Randomized

----- Original Message -----
From: "Bjoern Engels" <bjoern.engels@mail.isis.de>
To: <freebsd-security@freebsd.org>; "Moti Levy" <moti@flncs.com>
Sent: Thursday, March 28, 2002 3:39 PM
Subject: Re: How can I erase my fingertips .

On Thursday, 28. March 2002 21:25, Alvaro Pereira wrote:

> On Thu, 28 Mar 2002, Moti Levy wrote:
> > I want to stop nmap from detecting my os .

> from /usr/src/sys/i386/conf/LINT
>
> #
> # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
> # prevents nmap et al. from identifying the TCP/IP stack, but breaks support
> # for RFC1644 extensions and is not recommended for web servers.
> #
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
>

Additionally, add

# RANDOM_IP_ID causes the ID field in IP packets to be randomized
options RANDOM_IP_ID

and change the default TTL.

Bjoern

--
"The number of Unix installations has grown to ten, with more expected"
                -- The Unix programmers handbook, 1972
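
An added example, not part of the original thread: a small parser for the nmap "TCP/IP fingerprint" lines quoted above, to check a scan of your own host for TSeq properties that still help identify the stack. The function names are hypothetical, and the meanings given to the IPID and TS codes are assumptions about nmap's first-generation fingerprint format.

```python
import re

# Constructed sample: the "Before" fingerprint lines quoted in the message above.
BEFORE = """\
SInfo(V=2.54BETA31%P=i386-portbld-freebsd4.5%D=3/28%Time=3CA38B56%O=22%C=1)
TSeq(Class=TR%IPID=I%TS=100HZ)
"""

# One fingerprint test per line, shaped like Name(K=V%K=V%...).
LINE_RE = re.compile(r"^\s*(\w+)\((.*)\)\s*$")

# Assumed meanings of the predictable IPID codes (not stated in the thread).
PREDICTABLE_IPID = {"I": "incremental", "BI": "broken incremental"}


def parse_fingerprint(text):
    """Return {test_name: {key: value}} for every fingerprint line in text."""
    tests = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip prose lines mixed into the scan output
        fields = {}
        for pair in match.group(2).split("%"):
            key, sep, value = pair.partition("=")
            if sep:
                fields[key] = value
        tests[match.group(1)] = fields
    return tests


def residual_signals(tests):
    """List the TSeq properties that still let a scanner tell stacks apart."""
    tseq = tests.get("TSeq", {})
    findings = []
    ipid = tseq.get("IPID")
    if ipid in PREDICTABLE_IPID:
        findings.append(
            f"IP ID is {PREDICTABLE_IPID[ipid]}: consider options RANDOM_IP_ID")
    ts = tseq.get("TS", "")
    if ts.endswith("HZ"):
        # A fixed tick rate is what lets the scanner print an uptime estimate.
        findings.append(f"TCP timestamps tick at {ts}: uptime can be estimated")
    return findings


if __name__ == "__main__":
    for finding in residual_signals(parse_fingerprint(BEFORE)):
        print(finding)
```

The "After" scan in the message still reports an uptime, which is the timestamp signal this check flags.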