Date: Wed, 20 Apr 2005 08:21:17 -0400 From: Edwin Brown <edwin.brown@gmail.com> To: Damian Gerow <dgerow@afflictions.org> Cc: freebsd-stable@freebsd.org Subject: Re: FreeBSD and NMAP Message-ID: <8b6eae9605042005216de3f857@mail.gmail.com> In-Reply-To: <20050419185353.GB770@afflictions.org> References: <f0f70e5e0504190411241c2433@mail.gmail.com> <200504191216.24362.dom@helenmarks.co.uk> <20050419185353.GB770@afflictions.org>
You could also just enable pf and have one scrub rule.

/etc/rc.conf

pf_enable="YES"                 # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"         # rules definition file for pf
pf_program="/sbin/pfctl"        # where the pfctl program lives
pf_flags=""                     # additional flags for pfctl
pflog_enable="YES"              # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_program="/sbin/pflogd"    # where the pflogd program lives
pflog_flags=""                  # additional flags for pflogd
--------------------------------------------------------------------------
/etc/pf.conf

scrub all no-df random-id reassemble tcp
--------------------------------------------------------------------------

Best regards,
Edwin

On 4/19/05, Damian Gerow <dgerow@afflictions.org> wrote:
> Thus spake Dominic Marks (dom@helenmarks.co.uk) [19/04/05 07:18]:
> : On Tuesday 19 April 2005 12:11, pck wrote:
> : > Hi,
> : >
> : > How can I hide from nmap that my OS is FreeBSD? Is this possible?
> :
> : # sysctl -ad | grep random_id
> : net.inet.ip.random_id: Assign random ip_id values
> : # echo 'net.inet.ip.random_id=1' >> /etc/sysctl.conf
>
> That doesn't hide the OS. That just makes the IP ID field random.
>
> One way to help:
>
> echo 'net.inet.tcp.drop_synfin=1' >> /etc/sysctl.conf
>
> (Note that you need the "options TCP_DROP_SYNFIN" line in your kernel
> config.)
>
> Other than that... randomize the packet fingerprint data. I know there's
> been at least one daemon that did this on Linux, as well as a kernel patch
> that did the same. But I'd ask: why? You're doing a significant amount of
> work for very little in return.
>
> - Damian
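The thread names three places a FreeBSD host's settings end up: rc.conf (pf_enable), pf.conf (the scrub rule with random-id) and sysctl.conf (net.inet.ip.random_id, net.inet.tcp.drop_synfin). The script below is an added example, not part of Edwin's or Damian's mail, that audits all three from files in a directory and lists which of the thread's settings are absent. It writes its own constructed sample files to a temporary directory rather than reading /etc, and the helper names (rc_var, sysctl_val, pf_scrubs_random_id, audit_missing) are mine.

```shell
#!/bin/sh
# Added example: audit rc.conf / sysctl.conf / pf.conf fragments for the
# settings discussed in the thread. Not part of the original mail.

# Constructed sample inputs (not a real host's configuration). The sysctl
# file deliberately leaves drop_synfin at 0 so the audit has something to flag.
AUDIT_DIR=$(mktemp -d)
trap 'rm -rf "$AUDIT_DIR"' EXIT
cat > "$AUDIT_DIR/rc.conf" <<'EOF'
pf_enable="YES"           # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"   # rules definition file for pf
pflog_enable="YES"
EOF
cat > "$AUDIT_DIR/sysctl.conf" <<'EOF'
net.inet.ip.random_id=1
net.inet.tcp.drop_synfin=0
EOF
cat > "$AUDIT_DIR/pf.conf" <<'EOF'
# scrub everything: clear DF, randomize IP ID, normalize TCP
scrub all no-df random-id reassemble tcp
EOF

# rc_var FILE VAR: print VAR's value from an rc.conf-style file, quotes and
# trailing comment removed; prints nothing if VAR is not set.
rc_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# sysctl_val FILE KEY: print KEY's value from a sysctl.conf-style file.
# Dots in KEY are escaped so they match literally in the sed pattern.
sysctl_val() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# pf_scrubs_random_id FILE: succeed if an uncommented scrub rule sets random-id.
pf_scrubs_random_id() {
    grep -Eq '^[[:space:]]*scrub[[:space:]].*random-id' "$1"
}

# audit_missing DIR: print, one per line, the thread's settings that the
# files in DIR do not enable. Prints nothing when everything is in place.
audit_missing() {
    d=$1
    [ "$(rc_var "$d/rc.conf" pf_enable)" = "YES" ] || echo pf_enable
    pf_scrubs_random_id "$d/pf.conf" || echo pf_scrub_random_id
    [ "$(sysctl_val "$d/sysctl.conf" net.inet.ip.random_id)" = "1" ] || echo random_id
    [ "$(sysctl_val "$d/sysctl.conf" net.inet.tcp.drop_synfin)" = "1" ] || echo drop_synfin
}

# Run against the constructed samples; on this input only drop_synfin is reported.
echo "Missing settings:"
audit_missing "$AUDIT_DIR"
```

Point it at a real host by replacing AUDIT_DIR with /etc. Note that the audit only reads the persistent configuration; it does not confirm that pf is loaded or that the sysctls took effect, which on a live system you would check with pfctl -s rules and sysctl -n on the two keys.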