Re: hiding OS name
From: Dalin S. Owen (dowen@nexusxi.com)
Date: 07/08/02
- Next message: twig les: "Re: NTP security - (was Any security issues with root's cron job?)"
- Previous message: Don Lewis: "Re: hiding OS name"
- In reply to: Laurence Brockman: "Re: hiding OS name"
- Next in thread: twig les: "Re: hiding OS name"
- Reply: twig les: "Re: hiding OS name"
- Reply: Giorgos Keramidas: "Re: hiding OS name"
- Reply: Dag-Erling Smorgrav: "Re: hiding OS name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 8 Jul 2002 11:11:22 -0600
From: "Dalin S. Owen" <dowen@nexusxi.com>
To: Laurence Brockman <laurence@fluxinc.com>
A very easy way to fool nmap/queso:
add:
options RANDOM_IP_ID
in your kernel
and then add:
net.inet.ip.ttl=68
to your /etc/sysctl.conf
queso reports a different OS each time, and Nmap has no clue at all.
:)
Oh, one more thing, go into the source for sshd and rip the "FreeBSD"
from the banner text and maybe lie about what version of OpenSSH you have.
I have found this really effective.
Enjoy.
On Mon, Jul 08, 2002 at 08:11:37AM -0600, Laurence Brockman wrote:
> I think that what the original poster was trying to get at was when being
> scanned by something like nmap using the OS detection (Or other tools), it
> would show no OS.
>
> This would mean changing the way the networking layer responds to certain
> packets (ICMP, tcp sequencing, etc) and I'm not sure if there is anything
> out there for FreeBSD (Never bothered to look).
>
> I know there are kernel patches for linux that actually change the stack to
> emulate other OS's, thus fooling these OS detection tools.
>
> Laurence
>
> ----- Original Message -----
> From: "Darren Pilgrim" <dmp@pantherdragon.org>
> To: "Asep Ruspeni" <ruspeni@mti.itb.ac.id>
> Cc: <freebsd-security@FreeBSD.ORG>
> Sent: Monday, July 08, 2002 2:02 AM
> Subject: Re: hiding OS name
>
>
> > Asep Ruspeni wrote:
> > >
> > > I am a newbie in FreeBSD OS, but I have a lot of concern about securing
> > > the system.
> > >
> > > I have questions like this:
> > >
> > > - How can I set up FreeBSD so that when it is being scanned, it shows no
> > >   operating system name + version?
> > > - Are there any articles I could read about securing FreeBSD, such as the
> > >   question I ask above?
> > >
> > > thank you in advance.
> >
> > Hiding your OS name and version will do nothing to increase security,
> > because the majority of people who scan for vulnerable hosts just do
> > bulk scanning, trying their trick on everything they find. They know
> > (or just don't care) that you can't reliably determine the OS without
> > shell access and even then you can be tricked.
> >
> > That said, what you're looking to do is change the banner on the
> > daemons you're running. How you do this is specific to each daemon.
> > As usual, RTWP, JTML, RTFM, RTSL, etc.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
--
Regards,
Dalin S. Owen
Nexus XI Corp.
Email: dowen@nexusxi.com
Web: http://www.nexusxi.com/
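
Added illustration (not part of the original thread, and not nmap's or queso's code): a simplified sketch of two stack signals that RANDOM_IP_ID and net.inet.ip.ttl change, the IP ID sequence pattern and the initial-TTL guess an observer makes. The list of common TTLs, the step threshold, the hop count and the sample IP ID values are constructed assumptions.

```python
# Added illustration; not nmap's or queso's code. Thresholds are assumptions.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# Constructed sample IP ID values from five consecutive replies.
DEFAULT_IDS = [4100, 4101, 4103, 4104, 4106]        # global counter
RANDOMIZED_IDS = [51234, 812, 33907, 60011, 17456]  # RANDOM_IP_ID style


def guess_initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common default."""
    for ttl in COMMON_INITIAL_TTLS:
        if observed_ttl <= ttl:
            return ttl
    raise ValueError("TTL must be in 0..255")


def classify_ip_ids(ids):
    """Label the IP ID pattern seen across consecutive replies."""
    if len(ids) < 3:
        return "insufficient"
    # IP ID is a 16-bit field, so differences wrap modulo 65536.
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in deltas):
        return "constant"
    # Small positive steps point to a single incrementing counter.
    if all(0 < d < 1000 for d in deltas):
        return "incremental"
    return "random"


def summarize(initial_ttl, hops, ids):
    """Return what an observer `hops` routers away would infer."""
    observed = initial_ttl - hops
    guessed = guess_initial_ttl(observed)
    return {
        "observed_ttl": observed,
        "guessed_initial_ttl": guessed,
        "inferred_hops": guessed - observed,
        "ip_id_pattern": classify_ip_ids(ids),
    }


if __name__ == "__main__":
    print("default:", summarize(64, 3, DEFAULT_IDS))
    print("tuned:  ", summarize(68, 3, RANDOMIZED_IDS))
```

With the TTL set to 68, the rounding heuristic lands on 128 and the inferred hop count is off by 60, while the randomized IP IDs no longer match the incrementing-counter pattern.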