Re: hiding OS name

From: Giorgos Keramidas (keramida@ceid.upatras.gr)
Date: 07/10/02


Date: Wed, 10 Jul 2002 20:56:39 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: "Ramsey G. Brenner" <rgbrenner@myrealbox.com>

On 2002-07-08 08:34 +0000, Ramsey G. Brenner wrote:
> >From /sys/i386/conf/LINT
> #
> # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
> # prevents nmap et al. from identifying the TCP/IP stack, but breaks support
> # for RFC1644 extensions and is not recommended for web servers.
> #
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
>
> Also dont forget to add
> tcp_drop_synfin="YES"
> to /etc/rc.conf

That's one thing you can do to counter some of the methods used by
tools like nmap to detect the OS type and version. You should not
forger to read the comments in LINT about this specific option. Pay
careful attention to the cases that it mentions this option should not
be used.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message