LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-09-2001, 11:57 PM   #1
tmiles
LQ Newbie
 
Registered: Jul 2001
Location: MD
Distribution: NETMAX
Posts: 18

Rep: Reputation: 0
Hiding


I want to have a linux server on my office LAN but I don't want the os type to be found if a person uses NMAP or HYDRA or any other scanning software? Does anyone out there know how to do that? (My boss doesn't like linux because it is open source but it works so much better for our printserver then 2000)
 
Old 08-10-2001, 03:55 AM   #2
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Put a firewall on it and make sure it does one of the following if it's scanned.

Shows all ports filtered. "incoming packets are Denied"
Doesn't show any ports open or closed. "incoming packets are Rejected"
Doesn't allow replies to ICMP type 11, 8, 10, 5, 17

Then a TCP/IP OS fingerprint scan can't get enough responses to work out the response from 1 open and 1 closed port + an ICMP OS fingerprint scan has the same problem.

Ask your Boss why so many systems are screwed because of Code red, I'm sure it has nothing to do with Microsoft's shoddy programming.

/Raz

Last edited by raz; 08-10-2001 at 03:57 AM.
 
Old 08-10-2001, 06:14 AM   #3
tmiles
LQ Newbie
 
Registered: Jul 2001
Location: MD
Distribution: NETMAX
Posts: 18

Original Poster
Rep: Reputation: 0
Cool

Thanks alot for the help.. But will that work if I am running Samba and using it as a printserver?
 
Old 08-10-2001, 07:48 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
yes as long as the firewall like ipchains or iptables only has the 137:139 ports as accept and all others reject or deny.

The fingerprint OS scans needs to see the response from 1 open port and 1 closed ports to get a good identification on it, if it can't it will try and guess from the open ports.

also add this line to the /etc/rc.d/rc.local file to help fool them into thinking it's a NT system. "which people will think anyway as it's got the windows netbios and netbuie ports open.

#echo 32 > /proc/sys/net/ipv4/ip_default_ttl

Linux uses 64 I think windows systems use 32.

/Raz
 
Old 08-10-2001, 08:17 AM   #5
tmiles
LQ Newbie
 
Registered: Jul 2001
Location: MD
Distribution: NETMAX
Posts: 18

Original Poster
Rep: Reputation: 0
Talking THANKS!

Man you are good, I am going to put this to the test on Monday and let you know what happens! Thanks a lot again!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
A partition is hiding... jsheffie SUSE / openSUSE 2 04-25-2005 12:30 PM
hiding the desktop manas_shukla Linux - Newbie 3 01-22-2005 06:28 AM
Hiding Ports Ozzman Linux - Security 9 12-08-2003 07:24 PM
hiding processes n3wb1e Linux - Security 11 10-21-2003 09:52 AM
hiding sectors porous Linux - Hardware 1 10-12-2003 03:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration