Re: hiding OS name

From: faSty (fasty@i-sphere.com)
Date: 07/08/02


Date: Mon, 8 Jul 2002 12:31:57 -0700
From: faSty <fasty@i-sphere.com>
To: Klaus Steden <klaus@compt.com>

Problem is that when you run portsentry. If someone spoofing the packet
fool portsentry trigger block on your own IP or Denial of Service
with spoofing your IP and your portsentry will be useless even
I had put list of IP "ignore" I.E. portsentry.ignore.

I have that experience from the past. No good.

-fasty

On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote:
> > Portsentry may help (/usr/ports/security/portsentry I
> > believe). Won't hide the OS, but it may shut down
> > scans before they get that far. <shrug>, never tested
> > it that way.
> >
> A friend of mine runs portsentry configured to blackhole every IP that
> attempts to connect to a port where no server is running (in conjunction with
> a strict firewall); that can be done in FreeBSD without using portsentry, via
> the blackhole sysctl MIBs. See blackhole(4).
>
> It's not a bad means to keep people out of your machines.
>
> Klaus
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message