Re: hiding OS name

From: Dalin S. Owen (dowen@nexusxi.com)
Date: 07/08/02


Date: Mon, 8 Jul 2002 11:11:22 -0600
From: "Dalin S. Owen" <dowen@nexusxi.com>
To: Laurence Brockman <laurence@fluxinc.com>


A very easy way to fool nmap/queso:

add:

options RANDOM_IP_ID

in your kernel

and then add:

net.inet.ip.ttl=68

to your /etc/sysctl.conf

queso reports a differnt OS each time, and Nmap has no clue at all.

:)

Oh, one more thing, go in to the source for sshd and rip the "FreeBSD"
from the bannertext and maybe lie about what version of OpenSSH you have.

I have found this really effective.

Enjoy.

On Mon, Jul 08, 2002 at 08:11:37AM -0600, Laurence Brockman wrote:
> I think that what the original poster was trying to get at was when being
> scanned by something like nmap using the OS detection (Or other tools), it
> would show no OS.
>
> This would mean changing the way the networking layer responds to certain
> packets (ICMP, tcp sequencing, etc) and I'm not sure if there is anything
> out there for FreeBSD (Never bothered to look).
>
> I know there are kernel patches for linux that actually change the stack to
> emulate other OS's, thus fooling these OS detection tools.
>
> Laurence
>
> ----- Original Message -----
> From: "Darren Pilgrim" <dmp@pantherdragon.org>
> To: "Asep Ruspeni" <ruspeni@mti.itb.ac.id>
> Cc: <freebsd-security@FreeBSD.ORG>
> Sent: Monday, July 08, 2002 2:02 AM
> Subject: Re: hiding OS name
>
>
> > Asep Ruspeni wrote:
> > >
> > > I am newbie in FreeBSD OS, but i have lot of concerned in securing
> system.
> > >
> > > I have questions like this :
> > >
> > > - how can i set-up FreeBSD, so when it being scanned, it's show no
> operating
> > > system name + version.
> > > - is there any articles i colud read about securing freeBSD such as the
> > > question i ask above.
> > >
> > > thank you in advance.
> >
> > Hiding your OS name and version will do nothing to increase security,
> > because the majority of people who scan for vulnerable hosts just do
> > bulk scanning, trying their trick on everything they find. They know
> > (or just don't care) that you can't reliably determine the OS without
> > shell access and even then you can be tricked.
> >
> > That said, what you're looking to do is change the banner on the
> > daemons you're running. How you do this is specific to each daemon.
> > As usual, RTWP, JTML, RTFM, RTSL, etc.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Regards,
Dalin S. Owen
Nexus XI Corp.
Email: dowen@nexusxi.com
Web: http://www.nexusxi.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message