Jamie,
Sorry, but I thought I would also have a look too.
Just building on your last comment: if you have any open port, like from your httpd, then if you don't get the TCP handshake to show different handshake info (like the stuff I'm attempting to modify on my box), people will be able to work out the OS.
Your box responds with:
TSeq(Class=RI%gcd=1%SI=190FDB%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=7F53%ACK=S++%Flags=AS%Ops=MENNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=7F53%ACK=S++%Flags=AS%Ops=MENNTNW)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)
which is Linux 2.2.16.
Also, if you close/filter all the ports, then I can still find out the OS type, as your firewall needs to filter out ICMP type 13 requests ("Windows boxes don't implement this type").
Also, you should disable ICMP type 8 ("ping requests").
Other than that, your rules are set up well.
Also, don't DENY packets, REJECT them, as you can work out the filters you're running because the packets never come back; REJECT makes it look like the port is not used.
On a different note, there is a server on the same subnet as yours that could cause a DoS attack on your subnet, as it's misconfigured and responded to me when I was asking your firewall to tell me if it was susceptible to broadcast pings ("smurf").
/Raz
[Edited by razbot on 06-06-2001 at 10:36 AM]
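Added example, not part of the thread and not nmap's own code: a small Python parser for the first-generation nmap fingerprint format that Raz quoted above, so the owner of the box can read off which probes their host answered and with what TCP window, DF bit and option order. The fingerprint text is copied from the post; the PROBE_MEANING table follows nmap's documentation of these tests (T1 to T7 and PU); the function names and the describe() wording are my own assumptions.

```python
"""Parse a first-generation (nmap 2.x era) OS fingerprint block.

Each line has the form NAME(key=value%key=value%...). Values may be empty
(e.g. 'Ops=' when no TCP options were echoed). This is an added example;
the input below is the fingerprint quoted in the forum post.
"""
import re
from typing import Dict, List

# Fingerprint exactly as quoted in the post (used here as constructed input).
FINGERPRINT = """\
TSeq(Class=RI%gcd=1%SI=190FDB%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=7F53%ACK=S++%Flags=AS%Ops=MENNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=7F53%ACK=S++%Flags=AS%Ops=MENNTNW)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)
"""

# What each probe sends, per nmap's description of its first-generation tests.
PROBE_MEANING = {
    "TSeq": "TCP initial sequence number sampling",
    "T1": "SYN with options to an open port",
    "T2": "NULL (no flags) with options to an open port",
    "T3": "SYN|FIN|URG|PSH with options to an open port",
    "T4": "ACK with options to an open port",
    "T5": "SYN with options to a closed port",
    "T6": "ACK with options to a closed port",
    "T7": "FIN|PSH|URG with options to a closed port",
    "PU": "UDP datagram to a closed port (ICMP port unreachable expected)",
}

LINE_RE = re.compile(r"^\s*(\w+)\((.*)\)\s*$")


def parse_fingerprint(text: str) -> Dict[str, Dict[str, str]]:
    """Return {test_name: {attribute: value}} for every non-blank line."""
    tests: Dict[str, Dict[str, str]] = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            raise ValueError(f"unrecognised fingerprint line: {raw!r}")
        name, body = m.group(1), m.group(2)
        attrs: Dict[str, str] = {}
        for field in body.split("%"):
            key, _, value = field.partition("=")  # 'Ops=' -> ('Ops', '', '')
            attrs[key] = value
        tests[name] = attrs
    return tests


def responding_tests(fp: Dict[str, Dict[str, str]]) -> List[str]:
    """Names of probes the host answered (Resp=Y), sorted."""
    return sorted(n for n, a in fp.items() if a.get("Resp") == "Y")


def tcp_window(fp: Dict[str, Dict[str, str]], test: str) -> int:
    """Advertised TCP window of a probe's reply, decoded from hex."""
    return int(fp[test]["W"], 16)


def describe(fp: Dict[str, Dict[str, str]]) -> List[str]:
    """One human-readable line per probe, for reviewing what the host leaks."""
    out = []
    for name, attrs in fp.items():
        meaning = PROBE_MEANING.get(name, "unknown probe")
        if attrs.get("Resp") == "N":
            out.append(f"{name}: {meaning} -> no reply")
        elif "Flags" in attrs:
            out.append(
                f"{name}: {meaning} -> reply flags={attrs['Flags']} "
                f"DF={attrs['DF']} window=0x{attrs['W']} options={attrs['Ops'] or '-'}"
            )
        else:
            out.append(f"{name}: {meaning} -> {attrs}")
    return out


if __name__ == "__main__":
    for line in describe(parse_fingerprint(FINGERPRINT)):
        print(line)
```

Running it shows, for instance, that T3 (SYN with FIN, URG and PSH also set) drew a SYN/ACK with the same window and option order as the plain SYN in T1, and that every closed-port probe was answered with a RST; those replies, plus the TSeq class and the ICMP port-unreachable details in PU, are the raw material nmap matched against its database to name the kernel.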