Date:      Mon, 15 Mar 2010 00:53:00 +0100
From:      "pawelekc@gmail.com" <pawelekc@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   Protection against passive fingerprinting
Message-ID:  <c6b9a7811003141653x41746a80x2bd25fa0add2313a@mail.gmail.com>

Is there a good way to hide the number of computers behind NAT?

I was trying scrub in PF but it only changes the sequence number and
timestamp to a random value and the rest of the packet is the same (ex.
window size). Outgoing traffic is very sick and very suspicious.

I would like to make outgoing syn packets look the same so I
redirected main traffic (http) into www-proxy, which makes the majority
of traffic look the same. Unfortunately the rest of the packets which go
through NAT depend on the kind of system from which they are sent. I
thought about synproxy state in PF and I made some tests.

At first I'll show what I have done.

[Internet] --- rl0(server)rl1 --- [Lan]

(ports are only examples)
pass in on rl1 proto tcp from any to any port {443, 8080} flags S/SA synproxy state

Everything works fine. Every outgoing NATed syn packet looks the same
but they don't look like the system's syn packets. Here is a listing from
p0f on rl0:

(I have changed the default ttl and disabled timestamps)

10.0.0.101:62346 - UNKNOWN [0:128:1:44:M1460:.:?:?] [high throughput]
-> 91.111.11.11:443 (link: ethernet/modem) ##synproxy state###
10.0.0.101:57584 - UNKNOWN [65535:128:1:48:M1460,S,E:P:?:?] ->
193.11.11.11:80 (link: ethernet/modem) ##system syn##

As we can see they are different. In the first (except window size, which
is 0) there is no option. In the second we can see window size 65536, ttl,
size of syn, MSS, SackOn, EOL.

1. Why does synproxy's syn have 0 window size?! And why in general are
these two packets different?


2. Why does FreeBSD 8.0 end tcp options with EOL (E)?

When rfc1323 (timestamps) is enabled it looks like this (there is no EOL):

10.0.0.101:55225 - UNKNOWN [65535:128:1:60:M1460,N,W3,S,T:.:?:?] (up:
730 hrs) -> 12.123.45.76:80 (link: ethernet/modem)

5. How to enable auto negotiate mss in FreeBSD 8.0? (I have seen that
it was default in previous versions ex. FreeBSD:5.1-current)

4. Is it possible to change the FreeBSD tcp stack to make FreeBSD look
like Windows or Linux? Maybe it's necessary to change something in the
kernel source, but where?
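
Added example, not part of the original message: a small Python parser for the bracketed p0f SYN signatures quoted above, reporting which fields separate the synproxy SYN from the system SYN. It assumes the p0f v2 field order (window, TTL, DF, SYN size, options, quirks); the function names are hypothetical.

```python
import re

# Field order inside the [...] of a p0f v2 SYN signature (assumed layout)
FIELDS = ("window", "ttl", "df", "syn_size", "options", "quirks")
OPTION_NAMES = {"M": "MSS", "N": "NOP", "W": "window scale",
                "S": "SACK permitted", "T": "timestamp", "E": "EOL"}

def parse_sig(line):
    """Extract the first bracketed signature from one p0f output line."""
    m = re.search(r"\[([^\]]+)\]", line)
    if not m:
        raise ValueError("no p0f signature in line")
    parts = m.group(1).split(":")
    if len(parts) < len(FIELDS):
        raise ValueError("truncated signature")
    sig = dict(zip(FIELDS, parts))  # trailing OS/details fields are dropped
    # '.' means "none"; options are an ordered, comma-separated list
    sig["options"] = [] if sig["options"] == "." else sig["options"].split(",")
    sig["quirks"] = "" if sig["quirks"] == "." else sig["quirks"]
    return sig

def describe_options(opts):
    """Turn option codes such as M1460 into readable names, keeping order."""
    return [OPTION_NAMES.get(o[0], "unknown") + (" " + o[1:] if o[1:] else "")
            for o in opts]

def diff_sigs(a, b):
    """Return {field: (a_value, b_value)} for every field that differs."""
    return {f: (a[f], b[f]) for f in FIELDS if a[f] != b[f]}

# The two p0f lines from the message, with the mail line wrapping joined
SYNPROXY = ("10.0.0.101:62346 - UNKNOWN [0:128:1:44:M1460:.:?:?] "
            "[high throughput] -> 91.111.11.11:443 (link: ethernet/modem)")
SYSTEM = ("10.0.0.101:57584 - UNKNOWN [65535:128:1:48:M1460,S,E:P:?:?] "
          "-> 193.11.11.11:80 (link: ethernet/modem)")

if __name__ == "__main__":
    proxy, host = parse_sig(SYNPROXY), parse_sig(SYSTEM)
    for field, (x, y) in diff_sigs(proxy, host).items():
        print(f"{field:9} synproxy={x!r:12} system={y!r}")
    print("system options:", describe_options(host["options"]))
```

Any field listed in the diff is one a passive observer can use to tell the two SYN sources apart.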


