OS stealth

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

OS stealth

Postby amadei » Tue Jan 21, 2003 10:53 pm

Hey guys.

I was just playing with nmap 3.0 and noticed that it can
predict what my GRSecurity protected machines are running
for an OS again.

It was my understanding that GRSec randomized all the factors used to profile an OS... any idea how nmap is figuring out the OS?
amadei
 
Posts: 11
Joined: Tue Mar 26, 2002 1:14 am

Postby spender » Wed Jan 22, 2003 12:05 am

grsec randomizes the ip id, rpc xid, source ports, etc for other reasons than evading os detection. If you're using the stealth module (or have your default iptables rule set to drop) nmap shouldn't be able to detect the os (i've tested with 3.0 as well). I think there is a certain scan that can detect the machine is Linux, though. If you really want to hide from those scans, there's a netfilter module called ippersonality that you may want to check out.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity support

cron