
Re: TCP Flags question



On Wed, Dec 11, 2002 at 08:08:55AM -0500, Michael Lucas wrote:
> On Wed, Dec 11, 2002 at 02:02:28PM +0100, Henning Brauer wrote:
> > oh wow, a real advantage.
> > if someone wants to know I'm running OpenBSD he just needs to read our
> > website.
> 
> Yes, but some of us don't want to say.  Specifically, if nmap says our
> firewall is OpenBSD, the next question from IT management will be "Why
> aren't you running Checkpoint?"  I'll then have to go through the
> arguments of "it's my budget, dammit, and I'll spend it where I want
> it."  Concealing the OS would save me time and energy.

If somebody wants to know what version/os stuff you are running, and she
puts enough time & energy in this task, she'll end up knowing. That
said, if management is clueless about the fact that you are currently
running an open source firewall, how would they know how to use nmap?
...unless their budget was -partly- spent to subscribe to an MSP such as
Qualys.

Last time I checked QualysGuard(tm), a 'block in quick on $external_if
proto tcp from any to any flags FUP' stopped them from fingerprinting
the OS. That said, they also reported that PF (as of 3.0) was vulnerable
to packet fragmentation (indeed I had scrub activated. See
http://marc.theaimsgroup.com/?l=openbsd-misc&m=101541311510238&w=2).

Cheers.
-- 
Saad Kadhi -- [saad@docisland.org] [bsdguy@docisland.org]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]
---
Can't fight the Systemagic
Uber tragic