fooling nmap

[vxp]

On Sat, 4 Sep 2004, Wesley Shields wrote:
>
> That is true, but the problem with these kinds of things is that users
> will think that with a simple flip of a sysctl they are secure, when in
> fact that are no more secure than before.

that's also 100% true, however that's why documentation exists. there's
even a security section within it..
we would probably want to add something like 'obscurity is great if it's
only _one of_ the components in your security setup, not _the only_
component'. they might get the point. =)

now, another question arises

i could always code a parser for nmap fingerprints file, but i don't think
that's a good idea to include something like that in the kernel.. what do
you think? hardcode a few OS fingerprint choices, and call it a day ?

in other words, what would you guys say be a _proper_ bsd-style thing to
do, if this were to be done?

--Val