How to stealth a linux box using iptables?

Post by recph.. » Wed, 09 Nov 2005 08:31:36



An NMAP run of my firewall at work revealed the OS and uptime very
well:

Running: Linux 2.6.X
OS details: Linux 2.6.7 - 2.6.8
Uptime 0.341 days (since Mon Nov 07 07:14:33 2005)
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=2117151 (Good luck!)
IPID Sequence Generation: All zeros

What rule(s) or other methods are available in iptables to stealth the
OS prediction and uptime?

Currently, I am blocking all IP frags, bad combos of TCP flags, and
only have 3 ports open on the external interface.


Post by Michael Heimin » Wed, 09 Nov 2005 17:46:11



> An NMAP run of my firewall at work revealed the OS and uptime very
> well:
> Running: Linux 2.6.X
> OS details: Linux 2.6.7 - 2.6.8
> Uptime 0.341 days (since Mon Nov 07 07:14:33 2005)
> TCP Sequence Prediction: Class=random positive increments
>                         Difficulty=2117151 (Good luck!)
> IPID Sequence Generation: All zeros
> What rule(s) or other methods are available in iptables to stealth the
> OS prediction and uptime?

If you are curious about security, I'd certainly care more about
the browser used; the most secure setup firewall won't help you
if you insist on using IE.

BTW
If you are replying from google groups do not use its default way
which does not quote the text you are replying to. This makes it
harder for people not using google groups to help you while at
the same time annoying regulars on a daily basis. IIRC there
is an option to show text and then you can use the reply button
at the bottom. Please use that, thx.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)

#bofh excuse 141: disks spinning backwards - toggle the
hemisphere jumper.

Post by Jacob Bunk Nielse » Wed, 09 Nov 2005 18:09:42



> What rule(s) or other methods are available in iptables to stealth the
> OS prediction and uptime?

This is not a direct solution to your question, but you could read
<http://www.insecure.org/nmap/nmap-fingerprinting-article.html> to
discover how NMAP does OS detection, and build your rules based on
that.

--
Jacob
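An added example of what "build your rules based on that" can look like in practice (this is my script, not code from the thread): a POSIX sh script that emits iptables rules dropping the fragments, invalid-state packets and illegal TCP flag combinations that nmap's probes use, and that turns off TCP timestamps, the option nmap's uptime figure is computed from. The interface name, the STEALTH chain name, the DRY_RUN variable and the assumption that ACCEPT rules for the open ports already exist are all my own choices.

```shell
#!/bin/sh
# Added example, not from the thread. Emits (or applies) iptables rules that
# discard the packets nmap's OS-detection probes rely on, and disables TCP
# timestamps, the option nmap derives its uptime estimate from.
# Assumptions (mine, not the poster's setup): IPv4 only, a 2.6-era iptables with
# the 'state' match, and ACCEPT rules for the open ports already in INPUT.

# Print one command per line; $1 = external interface, e.g. eth0.
stealth_rules() {
    ext="$1"
    # Dedicated chain, inserted at position 1 so it runs before any ACCEPT rule;
    # a bad-flag probe aimed at an open port would otherwise be accepted.
    printf 'iptables -N STEALTH\n'
    printf 'iptables -I INPUT 1 -i %s -j STEALTH\n' "$ext"
    # Fragments (nmap's -f probes) and packets conntrack cannot classify.
    printf 'iptables -A STEALTH -f -j DROP\n'
    printf 'iptables -A STEALTH -m state --state INVALID -j DROP\n'
    # Flag combinations no legitimate stack sends: NULL, XMAS, SYN+FIN, ...
    # Each entry is "mask compare" for --tcp-flags.
    for combo in 'ALL NONE' 'ALL ALL' 'ALL FIN,PSH,URG' \
                 'ALL SYN,RST,ACK,FIN,URG' 'SYN,FIN SYN,FIN' \
                 'SYN,RST SYN,RST' 'FIN,RST FIN,RST' \
                 'ACK,FIN FIN' 'ACK,PSH PSH' 'ACK,URG URG'
    do
        set -- $combo            # split "mask compare" into $1 and $2
        printf 'iptables -A STEALTH -p tcp --tcp-flags %s %s -j DROP\n' "$1" "$2"
    done
    # Without the timestamp option nmap has nothing to compute uptime from.
    printf 'sysctl -w net.ipv4.tcp_timestamps=0\n'
}

# Run the commands as root, or just show them when DRY_RUN=1.
apply_stealth() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        stealth_rules "$1"
    else
        stealth_rules "$1" | sh -e
    fi
}

# Usage: DRY_RUN=1 sh stealth.sh eth0   (omit DRY_RUN to apply as root)
if [ "$#" -gt 0 ]; then
    apply_stealth "$1"
fi
```

Probes sent to the three open ports still reach the kernel's TCP stack, so window size, option ordering and ISN behaviour stay visible; these rules shrink what nmap can compare, they do not make the host unidentifiable.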