Date: Sat, 4 Sep 2004 20:50:19 -0400
From: Barney Wolff
To: vxp
Cc: freebsd-net@freebsd.org, Colin Alston, Wesley Shields
Subject: Re: fooling nmap
Message-ID: <20040905005019.GA72836@pit.databus.com>
In-Reply-To: <20040904132345.A38065@digital-security.org>
List-Id: Networking and TCP/IP with FreeBSD

On Sat, Sep 04, 2004 at 01:28:28PM -0400, vxp wrote:
>
> in other words, what would you guys say be a _proper_ bsd-style thing to
> do, if this were to be done?

Nothing. If you want to pollute your kernel with nonsense of this sort,
go right ahead, but leave mine alone. Adding frills detracts from
security, even when they're only enabled by compile-time switches.
The netinet code is already a challenge to follow or keep in mind
all at once. Anything that makes the problem worse without a really
big payoff is insane.

Aside from the above, nmap is a moving target, and is not the only
OS fingerprinter around. Getting into spy-vs-spy with Fyodor is a
waste of time.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.