Date: Thu, 28 Mar 2002 21:39:51 +0100 From: Bjoern Engels <bjoern.engels@mail.isis.de> To: freebsd-security@freebsd.org, Moti Levy <moti@flncs.com> Subject: Re: How can I erase my fingertips . Message-ID: <E16qggb-000Ndz-00@pumaman.dyndns.org> In-Reply-To: <20020328172259.C73793-100000@cianet.cianet.ind.br> References: <20020328172259.C73793-100000@cianet.cianet.ind.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday, 28. March 2002 21:25, Alvaro Pereira wrote:
> On Thu, 28 Mar 2002, Moti Levy wrote:
> > I want to stop nmap from detecting my os .
> from /usr/src/sys/i386/conf/LINT
>
> #
> # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN.
> This # prevents nmap et al. from identifying the TCP/IP stack, but
> breaks support # for RFC1644 extensions and is not recommended for
> web servers. #
> options TCP_DROP_SYNFIN #drop TCP packets with
> SYN+FIN
>
Additionally, add
# RANDOM_IP_ID causes the ID field in IP packets to be randomized
options RANDOM_IP_ID
and change the default TTL.
Bjoern
--=20
"The number of Unix installations has grown to ten, with more expected"
-- The Unix programmers handbook, 1972
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E16qggb-000Ndz-00>