Date: Mon, 8 Jul 2002 12:31:57 -0700 From: faSty <fasty@i-sphere.com> To: Klaus Steden <klaus@compt.com> Cc: freebsd-security@freebsd.org Subject: Re: hiding OS name Message-ID: <20020708193157.GA94197@i-sphere.com> In-Reply-To: <20020708141342.G13139@cthulu.compt.com> References: <20020708111122.A33379@nexusxi.com> <20020708175214.31781.qmail@web10104.mail.yahoo.com> <20020708141342.G13139@cthulu.compt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Problem is that when you run portsentry. If someone spoofing the packet fool portsentry trigger block on your own IP or Denial of Service with spoofing your IP and your portsentry will be useless even I had put list of IP "ignore" I.E. portsentry.ignore. I have that experience from the past. No good. -fasty On Mon, Jul 08, 2002 at 02:13:42PM -0400, Klaus Steden wrote: > > Portsentry may help (/usr/ports/security/portsentry I > > believe). Won't hide the OS, but it may shut down > > scans before they get that far. <shrug>, never tested > > it that way. > > > A friend of mine runs portsentry configured to blackhole every IP that > attempts to connect to a port where no server is running (in conjunction with > a strict firewall); that can be done in FreeBSD without using portsentry, via > the blackhole sysctl MIBs. See blackhole(4). > > It's not a bad means to keep people out of your machines. > > Klaus > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020708193157.GA94197>