On Wed, Dec 11, 2002 at 08:08:55AM -0500, Michael Lucas wrote:
> On Wed, Dec 11, 2002 at 02:02:28PM +0100, Henning Brauer wrote:
> > oh wow, a real advantage.
> > if someone wants to know I'm running OpenBSD he just needs to read our
> > website.
>
> Yes, but some of us don't want to say. Specifically, if nmap says our
> firewall is OpenBSD, the next question from IT management will be "Why
> aren't you running Checkpoint?" I'll then have to go through the
> arguments of "it's my budget, dammit, and I'll spend it where I want
> it." Concealing the OS would save me time and energy.

if somebody wants to know what version/os stuff you are running, and she
puts enough time & energy into this task, she'll end up knowing.

that said, if management is clueless about the fact that you are
currently running an open source firewall, how would they know how to
use nmap? ...unless their budget was -partly- spent to subscribe to an
MSP such as Qualys.
Last time I checked QualysGuard(tm), a 'block in quick on $external_if
proto tcp from any to any flags FUP' stopped them from fingerprinting
the OS. That said, they also reported that PF (as of 3.0) was vulnerable
to packet fragmentation (indeed I had scrub activated; see
http://marc.theaimsgroup.com/?l=openbsd-misc&m=101541311510238&w=2).

Cheers.

--
Saad Kadhi -- [[EMAIL PROTECTED]] [[EMAIL PROTECTED]]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
---
Can't fight the Systemagic
Uber tragic
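Added example (not from the thread or from pf itself) showing what the 'flags FUP' rule above keys on: it parses raw TCP headers, renders the flag bits in pf's letter notation, and applies the assumed reading "FIN, URG and PSH all set" to a few constructed packets. The sample packets, the helper names and that reading of the rule are assumptions made here.

```python
import struct

# pf's single-letter TCP flag names, as used in the rule 'flags FUP' quoted above.
PF_FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def make_tcp_header(flags, sport=40000, dport=22):
    """Build a constructed 20-byte TCP header carrying the given flag bits (sample data)."""
    data_offset = 5 << 4                      # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset, flags, 8192, 0, 0)

def parse_tcp_flags(tcp_header):
    """Return the six classic flag bits from byte 13 of a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13] & 0x3F

def flags_to_letters(flags):
    """Render flag bits in pf's letter notation, fixed order F S R P A U."""
    return "".join(letter for letter, bit in PF_FLAG_BITS.items() if flags & bit)

def has_all_flags(flags, letters):
    """True if every pf flag letter in `letters` is set in `flags`."""
    return all(flags & PF_FLAG_BITS[letter] for letter in letters)

def would_block(tcp_header, rule_flags="FUP"):
    """Assumed reading of 'block ... flags FUP': block when FIN, URG and PSH are all set.
    A conforming stack never sends FIN without ACK, so FIN+PSH+URG on its own only shows
    up as a probe; note that a flags-only rule also matches the variant that adds ACK."""
    return has_all_flags(parse_tcp_flags(tcp_header), rule_flags)

# Constructed samples: two ordinary segments and two fingerprint-style probes.
F, S, P, A, U = (PF_FLAG_BITS[k] for k in "FSPAU")
SAMPLE_PACKETS = {
    "syn": make_tcp_header(S),
    "data_push": make_tcp_header(P | A),
    "xmas_probe": make_tcp_header(F | P | U),
    "xmas_with_ack": make_tcp_header(F | P | U | A),
}

def evaluate(packets=SAMPLE_PACKETS):
    """Apply the rule to each sample and return name -> 'block' or 'pass'."""
    return {name: ("block" if would_block(hdr) else "pass") for name, hdr in packets.items()}

if __name__ == "__main__":
    verdicts = evaluate()
    for name, hdr in SAMPLE_PACKETS.items():
        letters = flags_to_letters(parse_tcp_flags(hdr))
        print(f"{name:14s} flags={letters:5s} -> {verdicts[name]}")
```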
