[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TCP Flags question



On Wed, Dec 11, 2002 at 03:07:20PM +0100, Saad Kadhi wrote:
> On Wed, Dec 11, 2002 at 08:08:55AM -0500, Michael Lucas wrote:
> > On Wed, Dec 11, 2002 at 02:02:28PM +0100, Henning Brauer wrote:
> > > oh wow, a real advantage.
> > > if someone wants to know I'm running OpenBSD he just needs to read our
> > > website.
> > 
> > Yes, but some of us don't want to say.  Specifically, if nmap says our
> > firewall is OpenBSD, the next question from IT management will be "Why
> > aren't you running Checkpoint?"  I'll then have to go through the
> > arguments of "it's my budget, dammit, and I'll spend it where I want
> > it."  Concealing the OS would save me time and energy.
> if somebody wants to know what version/os stuff you are running, and she
> puts enough time & energy in this task,  she'll  end  up  knowing.
Absolutely.
> that
> said, if management is clueless about the fact that  you  are  currently
> running an open source firewall, how would they know how  to  use  nmap?
I work for a contracting firm, and am continually being second-guessed
by people who think they have a clue and don't actually do the work.
My goal is to a) provide security, and b) eliminate as much
second-guessing as possible.
> Last time I checked QualysGuard(tm), a 'block in quick  on  $external_if
> proto tcp from any to any flags FUP' stopped  them  from  fingerprinting
> the OS. That said, they also reported that PF (as of 3.0) was vulnerable
> to  packet  fragmentation   (indeed   I   had   scrub   activated.   see
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=101541311510238&w=2).
Thanks.
-- 
Michael Lucas		mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
http://www.oreillynet.com/pub/q/Big_Scary_Daemons
           Absolute BSD:   http://www.AbsoluteBSD.com/