Re: hiding OS name

From: Peter Pentchev (roam@ringlet.net)
Date: 07/08/02


Date: Mon, 8 Jul 2002 21:37:26 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Klaus Steden <klaus@compt.com>


On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote:
> > Portsentry may help (/usr/ports/security/portsentry I
> > believe). Won't hide the OS, but it may shut down
> > scans before they get that far. <shrug>, never tested
> > it that way.
> >
> A friend of mine runs portsentry configured to blackhole every IP that
> attempts to connect to a port where no server is running (in conjunction with
> a strict firewall); that can be done in FreeBSD without using portsentry, via
> the blackhole sysctl MIBs. See blackhole(4).
>
> It's not a bad means to keep people out of your machines.

I know I'm going to regret posting in this thread, but so be it :)

Does your friend know that, unlikely as it is made by modern ingress and
egress routing practices, IP spoofing is still not quite ruled out?
Will your friend's portsentry setup happily blackhole e.g. his ISP's
nameserver, or the root nameservers, or www.cnn.com's IP addresses,
simply because somebody found a way to send a TCP SYN packet with a
forged source address to e.g. your friend's machine's port 3? :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
Do you think anybody has ever had *precisely this thought* before?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Relevant Pages

  • Re: hiding OS name
    ... >>> A friend of mine runs portsentry configured to ... >> Does your friend know that, ... >> blackhole e.g. his ISP's ... And if I start with the right netblocks, ...
    (FreeBSD-Security)
  • Re: hiding OS name
    ... >> A friend of mine runs portsentry configured to ... >> the blackhole sysctl MIBs. ... Sign up for SBC Yahoo! ...
    (FreeBSD-Security)