El vie, 28-01-2005 a las 18:40 +0100, Adrian Bunk escribi�: > On Fri, Jan 28, 2005 at 06:17:17PM +0100, Lorenzo Hern�ndez Garc�a-Hierro > wrote: > >... > > As it's impact is minimal (in performance and development/maintenance > > terms), I recommend to merge it, as it gives a basic prevention for the > > so-called system fingerprinting (which is used most by "kids" to know > > how old and insecure could be a target system, many time used as the > > first, even only-one, data to decide if attack or not the target host) > > among other things. > >... > > "basic prevention"? > I hardly see how this patch makes OS fingerprinting by e.g. Nmap > impossible.
That's an example, as you can find at the grsecurity handbook [1]: "The default Linux TCP/IP-stack has some properties that make it more vulnerable to prediction-based hacks. By randomizing several items, predicting the behaviour will be a lot more difficult." "Randomized IP IDs hinders OS fingerprinting and will keep your machine from being a bounce for an untraceable portscan." References: [1]: http://www.gentoo.org/proj/en/hardened/grsecurity.xml Cheers, PS: Thanks for CC'ing me, I forgot to mention that I'm not subscribed to the list, I just read the archives and reply by getting the original mbox-formatted messages. -- Lorenzo Hern�ndez Garc�a-Hierro <[EMAIL PROTECTED]> [1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente
