Bugtraq mailing list archives
Re: The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs)
From: Jason Axley <jason.axley () ATTWS COM>
Date: Wed, 13 Sep 2000 08:29:42 -0700
As I've pointed out before, these do not stop all UNIcast requests--mainly broadcast, as noted by the names of the parameters: there is an ip_respond_to_address_mask_broadcast but _not_ an ip_respond_to_address_mask parameter. So, you're stuck with allowing these requests (although a liberal sprinkling of IPfilter could probably take care of this). gak@somehost:/home/gak/SING:30> sudo ndd -get /dev/ip ip_respond_to_address_mask_broadcast 0 gak@somehost:/home/gak/SING:30> sudo ./sing -mask somehost SINGing to somehost (172.16.32.93): 12 data bytes 12 bytes from 172.16.32.93: icmp_seq=0 ttl=255 mask=255.255.254.0 12 bytes from 172.16.32.93: icmp_seq=1 ttl=255 mask=255.255.254.0 ^C --- nofud sing statistics --- 2 packets transmitted, 2 packets received, 0% packet loss -Jason On Tue, 12 Sep 2000, Walsh, Andrew wrote:
Date: Tue, 12 Sep 2000 17:32:59 -0500 From: "Walsh, Andrew" <Andrew_Walsh () ASC AON COM> To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: [BUGTRAQ] The DF Bit Playground (Identifying Sun Solaris &
OpenBSD OSs)
Since Sun Solaris answer for an ICMP address mask request and OpenBSD does not, we can distinguish between those operating systems as well (they both answer for ICMP Timestamp request). This is a simple operating system fingerprinting method, which does not require additional and unusual patterns to be set.You can disable both ICMP address mask request and ICMP Timestamp (broadcast and unicast) under Solaris with ndd. The commands are: ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0 ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0 ndd -set /dev/ip ip_respond_to_timestamp 0 These are recommended by Sun (along with other fun ndd commands) in their "Solaris Operating Environment Network Settings for Security By Alex Noordergraaf and Keith Watson", a Sun Blueprint available at http://www.sun.com/blueprints. Andrew Walsh "My thoughts are my own, not my companies"
-- AT&T Wireless Services IT Security UNIX Security Operations Specialist
Current thread:
- The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs) Ofir Arkin (Sep 12)
- <Possible follow-ups>
- Re: The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs) Aaron Campbell (Sep 12)
- Re: The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs) Walsh, Andrew (Sep 12)
- Re: The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs) Jason Axley (Sep 13)