Re: TCP Flags question
On Wed, Dec 11, 2002 at 03:07:20PM +0100, Saad Kadhi wrote:
> On Wed, Dec 11, 2002 at 08:08:55AM -0500, Michael Lucas wrote:
> > On Wed, Dec 11, 2002 at 02:02:28PM +0100, Henning Brauer wrote:
> > > oh wow, a real advantage.
> > > if someone wants to know I'm running OpenBSD he just needs to read our
> > > website.
> > Yes, but some of us don't want to say. Specifically, if nmap says our
> > firewall is OpenBSD, the next question from IT management will be "Why
> > aren't you running Checkpoint?" I'll then have to go through the
> > arguments of "it's my budget, dammit, and I'll spend it where I want
> > it." Concealing the OS would save me time and energy.
> if somebody wants to know what version/os stuff you are running, and she
> puts enough time & energy in this task, she'll end up knowing.
> said, if management is clueless about the fact that you are currently
> running an open source firewall, how would they know how to use nmap?

I work for a contracting firm, and am continually being second-guessed
by people who think they have a clue and don't actually do the work.
My goal is to a) provide security, and b) eliminate as much
second-guessing as possible.

> Last time I checked QualysGuard(tm), a 'block in quick on $external_if
> proto tcp from any to any flags FUP' stopped them from fingerprinting
> the OS. That said, they also reported that PF (as of 3.0) was vulnerable
> to packet fragmentation (indeed I had scrub activated. see

Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
Absolute BSD: http://www.AbsoluteBSD.com/