Re: [PATCH] OpenBSD Networking-related randomization port
From: Adrian Bunk
Date: Fri Jan 28 2005 - 15:05:42 EST
On Fri, Jan 28, 2005 at 06:47:55PM +0100, Lorenzo Hernández García-Hierro wrote:
> El vie, 28-01-2005 a las 18:40 +0100, Adrian Bunk escribió:
> > On Fri, Jan 28, 2005 at 06:17:17PM +0100, Lorenzo Hernández García-Hierro wrote:
> > >...
> > > As it's impact is minimal (in performance and development/maintenance
> > > terms), I recommend to merge it, as it gives a basic prevention for the
> > > so-called system fingerprinting (which is used most by "kids" to know
> > > how old and insecure could be a target system, many time used as the
> > > first, even only-one, data to decide if attack or not the target host)
> > > among other things.
> > >...
> >
> > "basic prevention"?
> > I hardly see how this patch makes OS fingerprinting by e.g. Nmap
> > impossible.
>
> That's an example, as you can find at the grsecurity handbook [1]:
>...
> "Randomized IP IDs hinders OS fingerprinting and will keep your machine
> from being a bounce for an untraceable portscan."
>...
The OS detection in Nmap [1], which is AFAIK the most popular port
scanner today works by e.g. checking the answer of an ACK to a closed
port.
I do still not understand how your patch has any impact on these issues.
> Cheers,
>...
cu
Adrian
[1] http://www.insecure.org/nmap/nmap-fingerprinting-article.html
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/