Hiding information from nmap - don't do it.
Authored by: mdornseif on Mar 19, '03 03:46:09AM
Don't do this if you do not know exactly what you gain by doing so and what you break. Many things are designed on the assumption that you are notified if a port is closed. If your computer doesn't act accordingly you might break a lot of things. E.g. sending mail to certain servers or connecting to IRC (because of ident lookups/socks checks). On the other hand most MacOS X computers can be identified without nmap. E.g. by checking HTTP headers:
[c0ldcut:~] md% telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to localhost,.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
...
Server: Apache/1.3.27 (Darwin) DAV/1.0.3
...
So fiddling with the IP stack's internals has very questionable gains to offer.

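The header check shown in the comment above, turned into a small audit you can run against your own server's response (an added example, not code posted by anyone in this thread). The `Content-Type` line in the sample is constructed to stand in for the elided headers, and the function names are hypothetical.

```python
import re

# Constructed sample: the response head quoted in the comment above, with the
# elided "..." lines replaced by one made-up Content-Type header.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Server: Apache/1.3.27 (Darwin) DAV/1.0.3\r\n"
    "\r\n"
)

# A Server value is a run of "product[/version]" tokens and "(comment)" parts.
_PART = re.compile(r"\(([^()]*)\)|([^\s/()]+)(?:/(\S+))?")


def server_header(raw_response):
    """Return the Server header value from a raw HTTP response head, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def audit_server_header(value):
    """List what a Server header value discloses to any client that asks."""
    findings = []
    for comment, product, version in _PART.findall(value or ""):
        if comment:
            # Parenthesised comments usually carry the OS or platform name.
            findings.append(("platform", comment.strip()))
        elif version:
            # Exact versions let a reader match the host to known releases.
            findings.append(("version", f"{product} {version}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_server_header(server_header(SAMPLE_RESPONSE)):
        print(f"{kind}: {detail}")
```

A bare product name such as `Apache`, which is what Apache sends with `ServerTokens Prod`, produces no findings.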
Hiding information from nmap - don't do it.
Authored by: jrishaw on Mar 19, '03 05:15:29AM

One should also be wary when giving bad information out.

By setting tcp blackhole to '1' you do not 'break' anything, nor do you risk "breaking the stack".

There are no 'cons' to setting tcp blackhole to 1, other than servers trying to scan you will time out rather than sit and nail you port after port.

Being a networking expert and a BSD operator for almost a decade now, I support this; in fact I've done so on most every BSD box I admin, OSX and otherwise (Free/Net/Open).

I must say, however, that the better way to approach this is with a tight ipfw configuration front-ended by a decent nat box that's locked down. Blackhole in and of itself is not a hardener of security; but it does make things a little more vague/obscure.



Hiding information from nmap - don't do it if you think it will make you "more secure"
Authored by: jrishaw on Mar 19, '03 05:18:08AM

Use ipfw. And read the reply to the first "don't do it" post above.


