Re: TCP Flags question
On Wed, Dec 11, 2002 at 08:08:55AM -0500, Michael Lucas wrote:
> On Wed, Dec 11, 2002 at 02:02:28PM +0100, Henning Brauer wrote:
> > oh wow, a real advantage.
> > if someone wants to know I'm running OpenBSD he just needs to read our
> > website.
> Yes, but some of us don't want to say. Specifically, if nmap says our
> firewall is OpenBSD, the next question from IT management will be "Why
> aren't you running Checkpoint?" I'll then have to go through the
> arguments of "it's my budget, dammit, and I'll spend it where I want
> it." Concealing the OS would save me time and energy.

If somebody wants to know what version/OS stuff you are running, and she
puts enough time & energy into this task, she'll end up knowing. That
said, if management is clueless about the fact that you are currently
running an open source firewall, how would they know how to use nmap?

...unless their budget was -partly- spent to subscribe to an MSP such as

Last time I checked QualysGuard(tm), a 'block in quick on $external_if
proto tcp from any to any flags FUP' stopped them from fingerprinting
the OS. That said, they also reported that PF (as of 3.0) was vulnerable
to packet fragmentation (indeed I had scrub activated. see

Saad Kadhi -- [firstname.lastname@example.org] [email@example.com]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
Can't fight the Systemagic