Subject: Re: Preventative security features?
To: None <current-users@netbsd.org>
From: Dmitri Nikulin <setagllib@optusnet.com.au>
List: current-users
Date: 11/12/2004 01:03:46
Alexander Yurchenko wrote:
>On Thu, Nov 11, 2004 at 08:44:59AM -0500, Steven M. Bellovin wrote:
>
>>In message <20041111133815.GF6553@drowsy.duskware.de>, Martin Husemann writes:
>>
>>>On Thu, Nov 11, 2004 at 11:41:06PM +1100, Dmitri Nikulin wrote:
>>>
>>>>At the very least, the ability to run nmap against a NetBSD machine and
>>>>have it be completely unknown, even with plenty of open and closed ports
>>>>available.
>>>
>>>I don't see the security benefit of this. I prefer script kiddies noticing
>>>NetBSD, sighing loud, and giving up ;-)
>>>
>>>Martin
>>>P.S.: the nmap 3.55 I had lying around has not been able to guess the OS on any
>>>NetBSD machine I pointed it at.
>>
>>Indeed. I just pointed nmap 3.70 at a 2.0rc4 machine and was told
>>
>> Running: NetBSD, Microsoft Windows 95/98/ME|NT/2K/XP
>> OS details: NetBSD 1.6ZD, Microsoft Windows NT 3.51 SP5, NT 4.0 or 95/98/98SE
>>
>>I mean, it's rather slanderous, calling NetBSD a version of Windows...
>
>Maybe it just means that old Windows versions use NetBSD's TCP/IP stack?
>
>> --Steve Bellovin, http://www.research.att.com/~smb
>
Or that there's just enough in common with what it received to call them
possibilities.
I found that if it found enough open ports and closed ones, it could
pinpoint it at least to be NetBSD (no Windows there). Maybe it secretly
asked one of the services what it was running on (I DID have -sV).
Anyway, blackholes would be a good thing, but I suppose you can emulate
their functionality with enough PF cleverness. Random IP IDs, dropping
certain ICMP types without needing filtering, random PIDs, so on... are
handy. None of these things are complicated at all, in many cases just a
clever if() and registering a sysctl. We don't need to have encrypted
swap by default or anything, just a few things that give attackers more
challenges. If it's really seen as being completely useless then okay,
forget it, but otherwise it might be a good project.