LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
 
Search this Thread
Old 05-08-2013, 01:05 PM   #1
centran
LQ Newbie
 
Registered: May 2013
Posts: 1

Rep: Reputation: Disabled
UDP IP Identification - fingerprinting


I am trying to run a PCI compliancy check on my server but it is failing for one reason.

Code:
Summary:
UDP constant IP Identification field reveals host type

Risk: High (3)
Port: 139/tcp
Protocol: tcp
Threat ID: misc_udpipidzero

Details: 10/01/09
CVE 2002-0510
When sending packets which are not fragmented, the UDP implementation in Linux kernels sets the
Identification field in the IP header to a constant
value, namely zero. This behavior, when observed by a
remote user, can be used to determine that the operating
system is Linux. Knowledge of a remote operating system
gives potential attackers a starting point for planning an attack.
Now I am not even sure why port 139 is setting it off as I have my set my iptables rules to explicitly drop both udp and tcp on port 139 but it doesn't matter. Here is the iptables rule I am using to block that port in case I am doing it wrong.
Code:
iptables -A INPUT -p tcp --dport 139 -j DROP
iptables -A INPUT -p udp --dport 139 -j DROP
Has anyone heard of this problem before? Is there a kernel patch or module to remove this behavior? I am running Debian on a 2.6.32-5 kernel. Google searches have turned up little. I am stuck up against a wall here. Any point in the right direction would be most helpfull.
 
Old 05-09-2013, 02:25 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 28,274
Blog Entries: 54

Rep: Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175
Running a network vulnerability scanner on a target produces a lot of noise. See the vendor statement here: http://web.nvd.nist.gov/view/vuln/de...=CVE-2002-0510 and the comment here: http://cve.mitre.org/cgi-bin/cvename...=CVE-2002-0510.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
UDP Constant IP Identification Field Fingerprinting MensaWater Linux - Security 4 07-10-2008 12:51 PM
Passive OS Fingerprinting stringZ Linux - Networking 1 07-09-2008 05:53 PM
os fingerprinting adityaj123 Linux - Security 5 03-17-2008 09:45 AM
block OS fingerprinting bentman78 Linux - Security 12 06-21-2004 08:47 AM
OS Fingerprinting and IPtables cirrusgr Linux - Networking 2 12-07-2002 06:48 PM


All times are GMT -5. The time now is 07:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration