Hi Ben, use IPFilter or better a real firewall to block everything ;-)
nmap sends a variety of generated packets and has a database of responses which it tries to match. Depending on the version number there are two different methods: IIRC nmap >=4.20 uses a second generation engine with a huge variety of probes (http://insecure.org/nmap/osdetect/osdetect-methods.html). First generation is less sophisticated, see also ${prefix}/share/nmap/nmap-os-fingerprints .

I don't know of a guide on how to do it, but I would try "ndd /dev/{tcp,udp,icmp,ip} \?", look at the output and the URL above, modify settings and verify with nmap.

But: You should ask yourself whether it's really the right thing to do to disguise your box. Maybe your time is better spent hardening the Solaris machine by using e.g. a zone for exposed services, standard Unix stuff or TX.

HTH,
Dirk

On 05/29/2007 09:13 PM, 455rocket wrote:
> Anyone has good links to guide someone that would want to avoid their
> Solaris-10 TCP/IP stack being poked at and reveal the running OS ?
> I know there might be thousands of ways to derive some data to detect the OS,
> but if I could get guidelines to make system changes that would stop most of
> the widely known/used fingerprinting techniques from software and services
> (nmap, Netcraft ...) that would be very appreciated.
>
> Regards,
> Ben.
>
> This message posted from opensolaris.org

--
Dr. Wetter IT Consulting
http://drwetter.org
IT Security + Open Source
Key fingerprint = 80A2 742B 8195 969C 5FA6 6584 8B6E 59C1 E41B 9153
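For the "modify settings and verify" loop described in the message above, this added example (not part of the original message, and not nmap's own code) compares a host's observed test results with a reference entry laid out like the first-generation nmap-os-fingerprints file and reports which attributes still match after tuning. Both fingerprints are constructed sample data, and the matcher is a simplification that handles only exact values and `|` alternatives, not nmap's numeric comparisons or scoring.

```python
import re

# Constructed reference entry in the first-generation file layout
# (illustrative values, not copied from nmap's database).
REFERENCE = """\
Fingerprint Example OS 1.0 (constructed)
Class Example | ExampleOS | 1.X | general purpose
T1(DF=Y%W=C0B7|60DA%ACK=S++%Flags=AS%Ops=NNTMNW)
T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=Y%TOS=0%IPLEN=70%RIPTL=148)
"""

# Constructed "observed after tuning" results for the same tests.
OBSERVED = """\
T1(DF=N%W=60DA%ACK=S++%Flags=AS%Ops=NNTMNW)
T5(DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(DF=Y%TOS=0%IPLEN=38%RIPTL=148)
"""

TEST_LINE = re.compile(r"^(\w+)\((.*)\)$")

def parse_tests(text):
    """Return {test: {attr: set(alternatives)}} for lines like T1(DF=Y%W=0)."""
    tests = {}
    for line in text.splitlines():
        m = TEST_LINE.match(line.strip())
        if not m:
            continue  # skip Fingerprint/Class header lines
        attrs = {}
        for pair in filter(None, m.group(2).split("%")):
            key, _, value = pair.partition("=")
            attrs[key] = set(value.split("|"))
        tests[m.group(1)] = attrs
    return tests

def still_matching(reference, observed):
    """List (test, attr) pairs whose observed value is a reference alternative."""
    ref, obs = parse_tests(reference), parse_tests(observed)
    return [(test, key)
            for test, attrs in ref.items()
            for key, allowed in attrs.items()
            if obs.get(test, {}).get(key, set()) & allowed]

def match_ratio(reference, observed):
    """Fraction of reference attributes the observed results still satisfy."""
    total = sum(len(attrs) for attrs in parse_tests(reference).values())
    return len(still_matching(reference, observed)) / total if total else 0.0

if __name__ == "__main__":
    print(f"{match_ratio(REFERENCE, OBSERVED):.0%} of attributes still match")
```

With the sample data, two changed attributes still leave most of the entry matching, which illustrates why changing a few tunables rarely hides the OS.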