On Fri, 28 Jan 2005 18:47:55 +0100 Lorenzo Hern�ndez Garc�a-Hierro <[EMAIL PROTECTED]> wrote:
> El vie, 28-01-2005 a las 18:40 +0100, Adrian Bunk escribi�: > > On Fri, Jan 28, 2005 at 06:17:17PM +0100, Lorenzo Hern�ndez Garc�a-Hierro > > wrote: > > >... > > > As it's impact is minimal (in performance and development/maintenance > > > terms), I recommend to merge it, as it gives a basic prevention for the > > > so-called system fingerprinting (which is used most by "kids" to know > > > how old and insecure could be a target system, many time used as the > > > first, even only-one, data to decide if attack or not the target host) > > > among other things. > > >... > > > > "basic prevention"? > > I hardly see how this patch makes OS fingerprinting by e.g. Nmap > > impossible. > > That's an example, as you can find at the grsecurity handbook [1]: > > "The default Linux TCP/IP-stack has some properties that make it more > vulnerable to prediction-based hacks. By randomizing several items, > predicting the behaviour will be a lot more difficult." No it just changes the fingerprint table. "Hmm, this looks like a newer generation system, must be OpenBSD or Linux". > "Randomized IP IDs hinders OS fingerprinting and will keep your machine > from being a bounce for an untraceable portscan." > > References: > [1]: http://www.gentoo.org/proj/en/hardened/grsecurity.xml This is a very transitory effect, it works only because your machine is then different from the typical Linux machine; therefore the scanner will go on to the next obvious ones. But if this gets incorporated widely then the rarity factor goes away and this defense becomes useless. -- Stephen Hemminger <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
