Date: Thu, 28 Mar 2002 12:33:03 -0800 (PST)
From: Jon DeShirley
Subject: Re: How can I erase my fingertips .
To: Moti Levy
Cc: freebsd-security@FreeBSD.ORG

On 28 Mar, Moti Levy wrote:
> I want to stop nmap from detecting my OS.

If you use ipfilter, use this rule:

    block in quick on xl0 proto tcp all flags FUP

Also, to be truly sure:

    block in quick all with ipopts
    block in quick all with short
    block in quick all with frag

And in your kernel (if you've read the caveats in LINT)

    options TCP_DROP_SYNFIN

These should do a reasonably good job of hiding you from NMAP scans.
Of course, these don't really hide you from passive OS fingerprinting
with tools like Siphon, but that's another matter entirely.

--jon
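Added example, not part of the original message and not ipfilter or kernel code: a simplified Python model for checking which packets the rules and kernel option above would drop. The packet fields, sample packets and function names are constructed for illustration; the model assumes every packet arrives on xl0, that a `flags` rule with no mask is compared against all six TCP flags, and that the kernel check runs after the filter.

```python
# Added model of the rules in the message; simplified, not ipfilter or kernel code.
BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
ALL_FLAGS = 0x3F  # assumed default mask when a rule gives "flags X" with no "/mask"

def mask(flags):
    """Convert an ipf-style flag string such as "FUP" to a bitmask."""
    value = 0
    for ch in flags:
        value |= BITS[ch]
    return value

def flags_match(pkt_flags, want, against=ALL_FLAGS):
    """ipf-style comparison: the bits selected by the mask must equal `want`."""
    return (mask(pkt_flags) & against) == mask(want)

def verdict(pkt, drop_synfin=True):
    """Return what drops the packet first, or "pass"."""
    flags = pkt.get("flags", "")
    # Filter rules in the order given in the message; "quick" stops at first match.
    if pkt.get("proto") == "tcp" and flags_match(flags, "FUP"):
        return "ipf: flags FUP"
    if pkt.get("ipopts"):
        return "ipf: with ipopts"
    if pkt.get("short"):
        return "ipf: with short"
    if pkt.get("frag"):
        return "ipf: with frag"
    # Kernel check (modelled after the filter): SYN and FIN set together.
    if drop_synfin and pkt.get("proto") == "tcp":
        if mask(flags) & mask("SF") == mask("SF"):
            return "kernel: TCP_DROP_SYNFIN"
    return "pass"

# Constructed sample packets (flag sets as used by common TCP fingerprint probes).
SAMPLES = {
    "plain SYN": {"proto": "tcp", "flags": "S"},
    "null flags": {"proto": "tcp", "flags": ""},
    "SYN+FIN+URG+PSH": {"proto": "tcp", "flags": "SFUP"},
    "FIN+URG+PSH": {"proto": "tcp", "flags": "FUP"},
    "bare ACK": {"proto": "tcp", "flags": "A"},
    "fragmented SYN": {"proto": "tcp", "flags": "S", "frag": True},
    "UDP with IP options": {"proto": "udp", "ipopts": True},
}

def coverage(drop_synfin=True):
    """Map each sample packet name to the verdict the model gives it."""
    return {name: verdict(p, drop_synfin) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in coverage().items():
        print(f"{name:22} -> {result}")
```

In this model the `flags FUP` rule matches only the exact FIN+URG+PSH combination, and the SYN+FIN+URG+PSH packet is dropped only when the kernel option is in effect.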