Re: hiding OS name

From: Dalin S. Owen (dowen@nexusxi.com)
Date: 07/08/02


Date: Mon, 8 Jul 2002 11:11:22 -0600
From: "Dalin S. Owen" <dowen@nexusxi.com>
To: Laurence Brockman <laurence@fluxinc.com>


A very easy way to fool nmap/queso:

add:

options RANDOM_IP_ID

in your kernel

and then add:

net.inet.ip.ttl=68

to your /etc/sysctl.conf

queso reports a different OS each time, and Nmap has no clue at all.

:)

Oh, one more thing, go in to the source for sshd and rip the "FreeBSD"
from the bannertext and maybe lie about what version of OpenSSH you have.

I have found this really effective.

Enjoy.

On Mon, Jul 08, 2002 at 08:11:37AM -0600, Laurence Brockman wrote:
> I think that what the original poster was trying to get at was when being
> scanned by something like nmap using the OS detection (Or other tools), it
> would show no OS.
>
> This would mean changing the way the networking layer responds to certain
> packets (ICMP, tcp sequencing, etc) and I'm not sure if there is anything
> out there for FreeBSD (Never bothered to look).
>
> I know there are kernel patches for linux that actually change the stack to
> emulate other OS's, thus fooling these OS detection tools.
>
> Laurence
>
> ----- Original Message -----
> From: "Darren Pilgrim" <dmp@pantherdragon.org>
> To: "Asep Ruspeni" <ruspeni@mti.itb.ac.id>
> Cc: <freebsd-security@FreeBSD.ORG>
> Sent: Monday, July 08, 2002 2:02 AM
> Subject: Re: hiding OS name
>
>
> > Asep Ruspeni wrote:
> > >
> > > I am a newbie in FreeBSD OS, but I have a lot of concern in securing
> > > the system.
> > >
> > > I have questions like this:
> > >
> > > - how can I set up FreeBSD so that when it is being scanned, it shows no
> > > operating system name + version.
> > > - are there any articles I could read about securing FreeBSD, such as the
> > > question I ask above.
> > >
> > > thank you in advance.
> >
> > Hiding your OS name and version will do nothing to increase security,
> > because the majority of people who scan for vulnerable hosts just do
> > bulk scanning, trying their trick on everything they find. They know
> > (or just don't care) that you can't reliably determine the OS without
> > shell access and even then you can be tricked.
> >
> > That said, what you're looking to do is change the banner on the
> > daemons you're running. How you do this is specific to each daemon.
> > As usual, RTWP, JTML, RTFM, RTSL, etc.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >

-- 
Regards,
Dalin S. Owen
Nexus XI Corp.
Email: dowen@nexusxi.com
Web: http://www.nexusxi.com/
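
An added illustration, not part of the original message and not the logic of nmap or queso: a simplified Python model of the two signals the settings above change, the IP ID sequence and the initial TTL inferred from an observed TTL. The thresholds, function names and sample values are constructed assumptions.

```python
# Simplified model of two remote-fingerprinting signals (added example).
# Thresholds and samples are constructed; this is not nmap's or queso's code.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# Constructed IP ID samples taken from consecutive replies of one host.
SEQUENTIAL_IDS = [65533, 65535, 0, 2, 3]            # counter that wraps at 2**16
RANDOMIZED_IDS = [51234, 877, 30211, 64990, 12045]  # e.g. with RANDOM_IP_ID


def guess_initial_ttl(observed):
    """Round an observed TTL up to the nearest common default.

    Returns (guessed_initial_ttl, implied_hop_count).
    """
    if not 0 < observed <= 255:
        raise ValueError("TTL must be in 1..255")
    for initial in COMMON_INITIAL_TTLS:
        if observed <= initial:
            return initial, initial - observed


def classify_ip_id(ids):
    """Classify how the 16-bit IP ID field changes between replies."""
    if len(ids) < 2:
        raise ValueError("need at least two samples")
    diffs = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in diffs):
        return "constant"
    if all(0 < d < 10 for d in diffs):   # assumed threshold for a plain counter
        return "incremental"
    if any(d >= 20000 for d in diffs):   # assumed threshold for large jumps
        return "random"
    return "unclassified"


def ttl_view(configured_ttl, hops):
    """What the rounding heuristic concludes for a host `hops` routers away."""
    return guess_initial_ttl(configured_ttl - hops)


if __name__ == "__main__":
    for configured in (64, 68):          # stock value vs. net.inet.ip.ttl=68
        for hops in (1, 3, 5, 12):
            guess, implied = ttl_view(configured, hops)
            print(f"ttl={configured} hops={hops}: guess {guess}, implied hops {implied}")
    print("sequential:", classify_ip_id(SEQUENTIAL_IDS))
    print("randomized:", classify_ip_id(RANDOMIZED_IDS))
```

In this model a TTL of 68 yields an implausible guess (128, with about 60 implied hops) only when the observer is fewer than four hops away; farther out it rounds to 64 like a stock host that merely looks closer.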