On Wed, Dec 11, 2002 at 02:02:28PM +0100, Henning Brauer wrote:
> On Tue, Dec 10, 2002 at 10:27:02PM -0600, James Nobis wrote:
> > I used to use S/SA without much of a thought to it and nmap -O happily said I was
> > running OpenBSD with scrub in all.  Upon changing my rule to a S/SAFPRU you can
> > nmap -O till you are blue in the face and nmap is clueless.  I think that's a
> > decent advantage.  If you are just writing a rule for inbound connections, i.e. a
> > webserver, and you keep state then S/SAFPRU will make detection of the OS
> > difficult if not impossible (assuming you block all other ports that aren't
> > open.)  It all falls upon how paranoid you are I suppose.
> 
> oh wow, a real advantage.
> if someone wants to know I'm running OpenBSD he just needs to read our
> website.

Yes, but some of us don't want to say.  Specifically, if nmap says our
firewall is OpenBSD, the next question from IT management will be "Why
aren't you running Checkpoint?"  I'll then have to go through the
arguments of "it's my budget, dammit, and I'll spend it where I want
it."  Concealing the OS would save me time and energy.

My question is, are the flags above reasonable if concealing your OS
is your goal?

==ml

-- 
Michael Lucas           [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.oreillynet.com/pub/q/Big_Scary_Daemons

           Absolute BSD:   http://www.AbsoluteBSD.com/
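
An added illustration, not part of the original message or of pf's own code: a small model of how pf evaluates `flags <set>/<mask>`, showing which TCP flag combinations a rule written with S/SA admits and which a rule written with S/SAFPRU admits. The sample packets are constructed, and the helper names are hypothetical.

```python
# Added illustration, not code from the thread or from pf itself.
# pf's "flags <set>/<mask>" matches a TCP packet when, of the flags named in
# <mask>, exactly the flags in <set> are set; flags outside <mask> are ignored.

# pf.conf flag letters mapped to their bits in the TCP header flags byte.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def to_bits(letters):
    """Convert a pf-style flag string such as 'SA' into a TCP flag bitmask."""
    bits = 0
    for ch in letters:
        bits |= FLAG_BITS[ch]
    return bits


def pf_flags_match(spec, packet_flags):
    """Return True if packet_flags (e.g. 'SFPU') matches a spec like 'S/SA'."""
    want, mask = (to_bits(part) for part in spec.split("/"))
    return (to_bits(packet_flags) & mask) == want


# Constructed sample packets: one ordinary connection attempt plus several
# unusual SYN combinations that a normal client stack would not send.
SAMPLES = {
    "plain SYN (normal connect)": "S",
    "SYN+ECE+CWR (ECN-capable connect)": "SEW",
    "SYN+FIN": "SF",
    "SYN+FIN+PSH+URG": "SFPU",
    "SYN+RST": "SR",
    "SYN+ACK": "SA",
    "no flags": "",
}


def compare(specs=("S/SA", "S/SAFPRU")):
    """Map each sample packet to the list of flag specs that match it."""
    return {name: [s for s in specs if pf_flags_match(s, flags)]
            for name, flags in SAMPLES.items()}


if __name__ == "__main__":
    for name, matched in compare().items():
        print(f"{name:36} -> {', '.join(matched) or 'no match'}")
```

With S/SA the odd SYN+FIN, SYN+RST and SYN+FIN+PSH+URG packets still match a pass rule and reach the host's stack; with S/SAFPRU only a clean SYN (optionally with the ECN bits) does.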
