FreeBSD and NMAP

Michal 'max' Marciniak max at felix.fizyka.amu.edu.pl
Tue Apr 19 04:48:01 PDT 2005


On Tue, 19 Apr 2005, peceka wrote:

>> > How can I hide from nmap that my OS is FreeBSD? Is this possible?
>>
>> # sysctl -ad | grep random_id
>> net.inet.ip.random_id: Assign random ip_id values
>> # echo 'net.inet.ip.random_id=1' >> /etc/sysctl.conf
>
>After that:
>Interesting ports on 192.168.1.248:
>(The 1643 ports scanned but not shown below are in state: closed)
>Port       State       Service
>22/tcp     open        ssh
>Device type: general purpose
>Running (JUST GUESSING) : FreeBSD 5.X|4.X (95%), Apple Mac OS X 10.1.X
>(88%), OpenBSD 3.X|2.X (88%), Apple Mac OS 8.X (85%)
>Aggressive OS guesses: FreeBSD 5.0-RELEASE (95%), Apple Mac OS X
>10.1.5 (88%), FreeBSD 4.3 - 4.4PRERELEASE (88%), FreeBSD 5.0-RELEASE
>(x86) (88%), FreeBSD 5.1-CURRENT (June 2003) on Sparc64 (88%), OpenBSD
>3.0 or 3.3 (88%), Apple Mac OS X 10.1.4 (Darwin Kernel 5.4) on iMac
>(86%), FreeBSD 4.5-RELEASE (or -STABLE) through 4.6-RC (X86) (86%),
>FreeBSD 4.7-RELEASE (86%), FreeBSD 5.0-RELEASE or -CURRENT (Jan 2003)
>(86%)
>No exact OS matches for host (test conditions non-ideal).
>Uptime 0.003 days (since Tue Apr 19 13:22:41 2005)
>
>So it didn't help much...
>

So, try this:

block in log quick proto tcp flags FUP/WEUAPRSF
block in log quick proto tcp flags WEUAPRSF/WEUAPRSF
block in log quick proto tcp flags SRAFU/WEUAPRSF
block in log quick proto tcp flags /WEUAPRSF
block in log quick proto tcp flags SR/SR
block in log quick proto tcp flags SF/SF

(in pf.conf)


--
Michał 'max' Marciniak
felix.fizyka.amu.edu.pl
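
Added example, not part of the original message: a small Python evaluator for the `flags set/mask` matching used by the six pf.conf rules above. It shows which TCP flag combinations they block and that ordinary SYN, SYN+ACK and ACK segments are left alone. The function names and sample packets are constructed for illustration.

```python
# pf letter -> bit in the TCP header flags byte.
PF_FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
                "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

# The "flags" specifications of the six rules in the message, in file order.
RULE_SPECS = ["FUP/WEUAPRSF", "WEUAPRSF/WEUAPRSF", "SRAFU/WEUAPRSF",
              "/WEUAPRSF", "SR/SR", "SF/SF"]


def letters_to_bits(letters):
    """Convert a string of pf flag letters (may be empty) to a bit mask."""
    bits = 0
    for ch in letters:
        if ch not in PF_FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= PF_FLAG_BITS[ch]
    return bits


def parse_spec(spec):
    """Split 'set/mask' into (set_bits, mask_bits)."""
    want, sep, mask = spec.partition("/")
    if not sep:
        raise ValueError(f"expected set/mask, got {spec!r}")
    want_bits, mask_bits = letters_to_bits(want), letters_to_bits(mask)
    if want_bits & ~mask_bits:
        # Choice made in this example: such a spec could never match.
        raise ValueError(f"flags outside the mask in {spec!r}")
    return want_bits, mask_bits


def first_match(packet_flags, specs=RULE_SPECS):
    """Return the first spec that matches the packet's flags, else None.

    pf semantics for 'flags a/b': of the flags listed in b, exactly those
    in a must be set. The rules use 'quick', so the first match decides.
    """
    pkt = letters_to_bits(packet_flags)
    for spec in specs:
        want, mask = parse_spec(spec)
        if (pkt & mask) == want:
            return spec
    return None


# Constructed sample packets: flag letters set on each.
SAMPLES = ["FUP", "", "SF", "SFA", "SR", "S", "SA", "A"]

if __name__ == "__main__":
    for flags in SAMPLES:
        print(f"{flags or '(none)':7} -> {first_match(flags) or 'not matched'}")
```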


