I was watching some traffic and trying to figure out what OS
the packets came from by their TTL, Window Size, etc. Since then
I have been changing around just about every proc entry trying to
confuse some of the tools that pull these values. And it works fine for
tools like disco, p0f, but nmap is still too clever. Is it possible to fool nmap
without using any types of kernel mods, or iptables filtering?

  Also, something else seems odd to me: I have
/proc/sys/net/ipv4/icmp_echo_ignore_all
set to 1 but still reply to pings.

  The ping problem I'll probably find within another few minutes,
but searching for filtering with /proc entries is difficult due to all the
iptables scripts with keywords. Thanks in advance if you have any 
documentation or advice.
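
Added example, not part of the original post: a minimal sketch of the passive TTL / window-size guess the post describes, showing why changing a /proc value such as /proc/sys/net/ipv4/ip_default_ttl throws off a tool that matches on those fields. The function names and the signature table are assumptions made for illustration (constructed sample values, not the database of p0f or any other tool).

```python
# Passive OS guess from two header fields: IP TTL and TCP SYN window size.
# SIGNATURES is a small constructed table for illustration only; real
# fingerprinting tools match on many more fields.

# Initial TTL values commonly used by IP stacks.
INITIAL_TTLS = (32, 64, 128, 255)

# (initial TTL, SYN window) -> label. Constructed sample entries.
SIGNATURES = {
    (64, 5840): "Linux 2.4/2.6 defaults",
    (64, 65535): "BSD family defaults",
    (128, 65535): "Windows defaults",
    (255, 4128): "Cisco IOS defaults",
}


def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    for start in INITIAL_TTLS:
        if observed_ttl <= start:
            return start


def guess_os(observed_ttl, window):
    """Return the inferred initial TTL, hop count and table match."""
    start = initial_ttl(observed_ttl)
    return {
        "initial_ttl": start,
        "hops": start - observed_ttl,  # routers decrement TTL once per hop
        "guess": SIGNATURES.get((start, window), "unknown"),
    }


if __name__ == "__main__":
    # Constructed observations: (TTL seen on the wire, SYN window size).
    samples = [
        (52, 5840),   # stock Linux host, 12 hops away
        (116, 5840),  # same host after ip_default_ttl was set to 128
    ]
    for ttl, win in samples:
        print(ttl, win, guess_os(ttl, win))
```

The second sample no longer matches any entry, which is the effect the /proc changes have on a passive two-field match.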
