Re: hiding OS name

From: Giorgos Keramidas (keramida@ceid.upatras.gr)
Date: 07/10/02


Date: Wed, 10 Jul 2002 20:56:39 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: "Ramsey G. Brenner" <rgbrenner@myrealbox.com>

On 2002-07-08 08:34 +0000, Ramsey G. Brenner wrote:
> From /sys/i386/conf/LINT
> #
> # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
> # prevents nmap et al. from identifying the TCP/IP stack, but breaks support
> # for RFC1644 extensions and is not recommended for web servers.
> #
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
>
> Also don't forget to add
> tcp_drop_synfin="YES"
> to /etc/rc.conf

That's one thing you can do to counter some of the methods used by
tools like nmap to detect the OS type and version. You should not
forget to read the comments in LINT about this specific option. Pay
careful attention to the cases where it mentions this option should
not be used.

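Added example, not part of the original messages and not FreeBSD's own code: a small sh audit that checks whether a kernel config file and an rc.conf file both carry the two settings named in the thread, without being fooled by LINT's comment text or by a later rc.conf override. The function names, verdict words, sample file names and the set of accepted yes-values are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): audit the two settings the post names.

# True if the kernel config has an uncommented "options TCP_DROP_SYNFIN".
# Comments are stripped first so LINT's "# TCP_DROP_SYNFIN adds ..." text
# and a commented-out "#options ..." line do not count as enabled.
kernel_has_synfin() {
    sed 's/#.*//' "$1" |
        grep -Eq '^[[:space:]]*options[[:space:]]+TCP_DROP_SYNFIN([[:space:]]|$)'
}

# True if the LAST tcp_drop_synfin assignment in rc.conf is a yes-value.
# rc.conf is read as shell, so a later assignment overrides an earlier one.
# The accepted yes-values below are an assumption of this example.
rc_enables_synfin() {
    val=$(sed -n 's/^[[:space:]]*tcp_drop_synfin=//p' "$1" | tail -n 1 |
          sed 's/#.*//' | tr -d "\"'[:space:]")
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = kernel config file, $2 = rc.conf file; prints one verdict word.
audit_synfin() {
    k=no; r=no
    kernel_has_synfin "$1" && k=yes
    rc_enables_synfin "$2" && r=yes
    case "$k/$r" in
        yes/yes) echo "both-set" ;;
        yes/no)  echo "kernel-option-only" ;;
        no/yes)  echo "rc.conf-only" ;;
        *)       echo "neither-set" ;;
    esac
}

# Constructed sample files (file names are made up for this example).
make_samples() {
    printf '%s\n' '# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN.' \
        'options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN' > "$1/KERNEL.on"
    printf '%s\n' '# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN.' \
        '#options TCP_DROP_SYNFIN' > "$1/KERNEL.off"
    printf '%s\n' 'tcp_drop_synfin="YES"' > "$1/rc.on"
    printf '%s\n' 'tcp_drop_synfin="YES"' 'tcp_drop_synfin="NO"  # web server' > "$1/rc.off"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_synfin "$tmp/KERNEL.on"  "$tmp/rc.on"
audit_synfin "$tmp/KERNEL.off" "$tmp/rc.off"
rm -rf "$tmp"
```

On a real host, pass the path of the kernel configuration file actually built and /etc/rc.conf to audit_synfin.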


