How can I make it so no one can find out my OS version when a network scan is done? Also, how can I hide the BIND DNS version I am using? I am using NETMAX Linux (on Red Hat 6.2).
Active fingerprinting tools like Nmap, Hunt and Queso rely on differences in the TCP/IP stack (TCP 3-way handshake reaction, initial/return payload, byte-order, system settings) to come up with a fingerprint. Then there's also passive fingerprinting (manually or with tools like Siphon) based on system settings like TTL, window size, TOS and DF flags (there's more, like ICMP payload, sequence/IP ident numbers, etc. etc. though).
Some behaviour can be changed by patching the kernel, some by echoing a value into /proc/sys/net/* keys. The TOS bits can be set through, for instance, ipchains. For more I think you really should read Fyodor's Phrack article and nmap docs, Kernel$(version)/Documentation/ip-sysctl, else look for docs by Vision, Dug Song or Spitz.
So at least 20+ params can be set from /proc to customize behaviour. There are a few patches around to help thwart recognition: Fpf or Finger Print Fu***r (dunno if it's an LKM or kernel patch, never used it), then there's something (LKM?) against tracerouting, at least one setting from Solar Designer's Openwall kernel patch and Sytek's kernel patch.
Just try proc & patch customizing out, but remember this is "security by obscurity", not a true solution, and if someone effectively scans for banners it's of no use anyway (IIS5 on Linux, yeah right).
About Netmax I don't know, but in BIND you would set up an ACL on the CHAOS zone named "bind". If it's hardcoded it'll require rebuilding. Look for printf'ed {BASE_}VERSION strings in the *.{c,h} code.
HTH somehow.
*(doh! I forgot to mention the obvious... firewalling helps thwart OS recon also...)
Have a look at http://www.linuxquestions.org/questi...ht=fingerprint - if you can access a port of a machine then you can pretty much fingerprint it. If you block all the ports then you don't have a problem, but then again you also don't have any available network services - not much use if you want to run a web server etc...
As for hiding the version of BIND you are using - do you just want to stop people from accessing it? If this is the case then you can just firewall the port. If you want people to be able to access it but not know the version, then you probably want to hack the source code so it doesn't reply with the version, or replies with an incorrect version. But as mentioned, hiding possible holes isn't a very good way to go about security!
Security is not the issue. The building I work in has a problem with using Linux. And even though I know it's secure, when they do Nmap scans etc. and see the Linux, or they run hydra and it comes up with the BIND version, they freak out. I could use UNIX (even though it's no more secure). So I want to hide the BIND version that comes back on the scan, and the OS version.
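
A way to check what your own name server hands back for the `version.bind` CHAOS TXT query discussed in the replies above. This is an added example, not part of the original thread; the function names are made up for illustration, and the sample replies and version string are constructed, not captured traffic.

```python
import struct

CLASS_CH, TYPE_TXT = 3, 16            # CHAOS class, TXT record type

def encode_name(name):
    """Encode a dotted name as DNS length-prefixed labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_version_query(txid=0x1234):
    """CHAOS-class TXT question for version.bind (what scanners send)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name("version.bind") + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # two-byte pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def reported_version(msg):
    """Return (rcode, version string or None) from a version.bind reply."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip qtype and qclass
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH and rdata:
            return flags & 0xF, rdata[1:1 + rdata[0]].decode("ascii", "replace")
    return flags & 0xF, None

def constructed_reply(rcode, text=None):
    """Constructed sample reply (not captured traffic) for offline checks."""
    q = build_version_query()
    head = struct.pack("!HHHHHH", 0x1234, 0x8500 | rcode, 1, 1 if text else 0, 0, 0)
    ans = b""
    if text:
        txt = bytes([len(text)]) + text.encode("ascii")
        ans = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(txt)) + txt
    return head + q[12:] + ans

if __name__ == "__main__":
    for reply in (constructed_reply(0, "9.9.9-constructed"), constructed_reply(5)):
        print(reported_version(reply))
```

To test a server you administer, send `build_version_query()` over UDP to port 53 and pass the reply to `reported_version()`. An rcode of 5 (REFUSED) with no string, or a string you chose yourself, means the real version is no longer being handed out.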