Date: Wed, 10 Jul 2002 20:56:39 +0300
From: Giorgos Keramidas
To: "Ramsey G. Brenner"
Cc: Laurence Brockman, freebsd-security@FreeBSD.org
Subject: Re: hiding OS name
Message-ID: <20020710175639.GE1118@hades.hell.gr>

On 2002-07-08 08:34 +0000, Ramsey G. Brenner wrote:
> From /sys/i386/conf/LINT
> #
> # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
> # prevents nmap et al. from identifying the TCP/IP stack, but breaks support
> # for RFC1644 extensions and is not recommended for web servers.
> #
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
>
> Also don't forget to add
> tcp_drop_synfin="YES"
> to /etc/rc.conf

That's one thing you can do to counter some of the methods used by
tools like nmap to detect the OS type and version. You should not
forget to read the comments in LINT about this specific option. Pay
careful attention to the cases that it mentions this option should not
be used.
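
The check that the quoted LINT comment describes, written as a userland sketch. This is an added example, not FreeBSD kernel code and not part of the original message; classify_ipv4, sample_verdict and the enabled argument (standing in for the tcp_drop_synfin switch) are hypothetical names, and the packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TH_FIN 0x01   /* TCP flag bits, byte 13 of the TCP header */
#define TH_SYN 0x02

enum verdict { PASS, DROP_SYNFIN, MALFORMED };

/* Decide what a SYN+FIN filter would do with one raw IPv4 packet.
 * `enabled` plays the role of the tcp_drop_synfin switch (assumption). */
enum verdict classify_ipv4(const uint8_t *pkt, size_t len, int enabled)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;         /* IP header length */
    if (ihl < 20 || len < ihl)
        return MALFORMED;
    if (pkt[9] != 6)                                  /* protocol is not TCP */
        return PASS;
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff)  /* later fragment: */
        return PASS;                                  /* no TCP header here */
    if (len < ihl + 20)
        return MALFORMED;                             /* truncated TCP header */
    uint8_t flags = pkt[ihl + 13];
    /* Both bits set, whatever else is set; a legitimate RFC 1644
     * SYN+data+FIN segment matches too, hence the LINT caveat. */
    if (enabled && (flags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN))
        return DROP_SYNFIN;
    return PASS;
}

/* Constructed sample: minimal 40-byte IPv4+TCP packet with the given flags. */
enum verdict sample_verdict(uint8_t flags, int enabled)
{
    uint8_t pkt[40];
    memset(pkt, 0, sizeof pkt);
    pkt[0] = 0x45;          /* IPv4, IHL = 5 words */
    pkt[9] = 6;             /* TCP */
    pkt[20 + 12] = 0x50;    /* TCP data offset = 5 words */
    pkt[20 + 13] = flags;
    return classify_ipv4(pkt, sizeof pkt, enabled);
}

int main(void)
{
    printf("SYN only: %d\n", sample_verdict(TH_SYN, 1));
    printf("SYN+FIN, filter on: %d\n", sample_verdict(TH_SYN | TH_FIN, 1));
    printf("SYN+FIN, filter off: %d\n", sample_verdict(TH_SYN | TH_FIN, 0));
    return 0;
}
```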