fooling nmap

[Barney Wolff]

On Sat, Sep 04, 2004 at 01:28:28PM -0400, vxp wrote:
> 
> in other words, what would you guys say be a _proper_ bsd-style thing to
> do, if this were to be done?

Nothing.  If you want to pollute your kernel with nonsense of this
sort, go right ahead, but leave mine alone.  Adding frills detracts
from security, even when they're only enabled by compile-time
switches.  The netinet code is already a challenge to follow or
keep in mind all at once.  Anything that makes the problem worse
without a really big payoff is insane.

Aside from the above, nmap is a moving target, and is not the only OS
fingerprinter around.  Getting into spy-vs-spy with Fyodor is a waste
of time.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.