[FUG-BR] Rule against nmap

Thiago Gomes thiagomespb at gmail.com
Tue Nov 4 11:46:49 BRST 2008


Thanks everyone.. Patrick had already enabled these options in sysctl.conf

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

but the result was the same as what I sent earlier..

Aggressive OS guesses: FreeBSD 5.0-RELEASE (89%), FreeBSD 5.2 - 5.3
(89%), FreeBSD 5.3-RELEASE (89%), FreeBSD 5.3-STABLE (89%), FreeBSD
5.4-RELEASE (88%), FreeBSD 5.2.1 (SPARC) (88%), FreeBSD 5.2-CURRENT -
5.3 (x86) with pf scrub all (86%), FreeBSD 5.3 (86%), Microsoft
Windows XP Pro SP2 (86%), Sun Solaris 2.6 - 7 with tcp_strong_iss=2
(85%)


With the IPFW rules that mantunes sent, the result was satisfactory..

Device type: firewall
Running (JUST GUESSING) : Intel embedded (85%)
Aggressive OS guesses: Intel NetStructure 3110 VPN Gateway (85%)
No exact OS matches for host (test conditions non-ideal).
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Incremental

Nmap finished: 1 IP address (1 host up) scanned in 36.327 seconds
               Raw packets sent: 3435 (154.466KB) | Rcvd: 56 (3048B)


2008/11/4 mantunes <mantunes.listas at gmail.com>:
> Patrick
>
> Good call.. I implemented this once on a firewall.
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> but in your opinion.. do the ones above put less load on the firewall??
>
> 2008/11/4 mantunes <mantunes.listas at gmail.com>:
>> Try adding these rules..
>>
>> ${ipcmd} add deny tcp from any to any tcpflags fin,urg,psh in recv $oifwan
>> ${ipcmd} add deny tcp from any to any tcpflags !fin,!syn,!ack,!urg,!psh,!rst in recv $oifwan
>> ${ipcmd} add deny tcp from any to any tcpflags syn,fin,rst,ack in recv $oifwan
>> ${ipcmd} add deny tcp from any to any tcpflags fin,!syn,!rst,!ack in recv $oifwan
>> ${ipcmd} add deny tcp from any to any tcpflags syn,fin,!rst,!ack in recv $oifwan
>> ${ipcmd} add deny tcp from any to any tcpflags urg,!syn,!fin,!rst,!ack in recv $oifwan
>>
>> I haven't tested tcp_drop_synfin="YES" in rc.conf
>>
>> 2008/11/4 Wanderson Tinti <wanderson at bsd.com.br>:
>>> Try putting this line in /etc/rc.conf:
>>> tcp_drop_synfin="YES"
>>>
>>>
>>> 2008/11/4 Cristina Fernandes Silva <cristinafs.listas at gmail.com>:
>>>> Thiago,
>>>>
>>>> I don't think this company server is FreeBSD. Check it..
>>>>
>>>> SInfo(V=4.11%P=i386-redhat-linux-gnu%D=11/4%Tm=491046C3%O=21%C=1)
>>>>
>>>>
>>>>
>>>>
>>>> 2008/11/4 Thiago Gomes <thiagomespb at gmail.com>:
>>>>> Folks,
>>>>>
>>>>> Does anyone know the IPFW rule to keep nmap from discovering my operating
>>>>> system? I ran it against my servers and it showed this message.
>>>>>
>>>>>  nmap -sS -O -P0 -v www.exemplo.com.br
>>>>>
>>>>> Running (JUST GUESSING) : FreeBSD 5.X|6.X (89%), Microsoft Windows
>>>>> NT/2K/XP (86%), Sun Solaris 2.X|7 (85%), Apple Mac OS X 10.3.X (85%),
>>>>> Linux 2.4.X (84%), Linksys embedded (84%)
>>>>> Aggressive OS guesses: FreeBSD 5.0-RELEASE (89%), FreeBSD 5.2 - 5.3
>>>>> (89%), FreeBSD 5.3-RELEASE (89%), FreeBSD 5.3-STABLE (89%), FreeBSD
>>>>> 5.4-RELEASE (88%), FreeBSD 5.2.1 (SPARC) (88%), FreeBSD 5.2-CURRENT -
>>>>> 5.3 (x86) with pf scrub all (86%), FreeBSD 5.3 (86%), Microsoft
>>>>> Windows XP Pro SP2 (86%), Sun Solaris 2.6 - 7 with tcp_strong_iss=2
>>>>> (85%)
>>>>> No exact OS matches for host (test conditions non-ideal).
>>>>> TCP Sequence Prediction: Class=truly random
>>>>>                         Difficulty=9999999 (Good luck!)
>>>>> IPID Sequence Generation: Incremental
>>>>>
>>>>> Nmap finished: 1 IP address (1 host up) scanned in 33.029 seconds
>>>>>               Raw packets sent: 3418 (152.910KB) | Rcvd: 34 (1896B)
>>>>>
>>>>> On a server at a company I know that runs FreeBSD, I ran it again
>>>>> but nothing showed up.
>>>>>
>>>>> No exact OS matches for host (If you know what OS is running on it,
>>>>> see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
>>>>> TCP/IP fingerprint:
>>>>> SInfo(V=4.11%P=i386-redhat-linux-gnu%D=11/4%Tm=491046C3%O=21%C=1)
>>>>> TSeq(Class=TR%IPID=I)
>>>>> T1(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MENWNNT)
>>>>> T2(Resp=N)
>>>>> T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MENWNNT)
>>>>> T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
>>>>> T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
>>>>> T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
>>>>> T7(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
>>>>> PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
>>>>>
>>>>> TCP Sequence Prediction: Class=truly random
>>>>>                         Difficulty=9999999 (Good luck!)
>>>>> IPID Sequence Generation: Incremental
>>>>>
>>>>> Nmap finished: 1 IP address (1 host up) scanned in 27.351 seconds
>>>>>               Raw packets sent: 1945 (87.104KB) | Rcvd: 1718 (79.394KB)
>>>>>
>>>>>
>>>>> Does anyone have a tip?
>>>>>
>>>>> Thanks
>>>>> -------------------------
>>>>> Archive: http://www.fug.com.br/historico/html/freebsd/
>>>>> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>>>>>
>>
>>
>>
>> --
>> Marcio Antunes
>> Powered by FreeBSD
>> ==================================
>> * Windows: "Where do you want to go tomorrow?"
>> * Linux: "Where do you want to go today?"
>> * FreeBSD: "Are you guys coming or what?"
>>
>
>
>
>

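An added example, not from any message in this thread: a small model of ipfw's `tcpflags` matching (listed flag must be set, `!flag` must be clear, unlisted flags are don't-care) applied to the six deny rules mantunes posted, so you can check which rule catches a given probe shape and confirm that ordinary handshake and data packets are not blocked before loading the rules on a production firewall. The sample flag sets are constructed; the rule specs are copied from the thread.

```python
# Added example: model ipfw `tcpflags` matching for the rules posted in the thread.
# Assumed ipfw semantics: "flag" must be set, "!flag" must be clear,
# flags not mentioned in the spec are ignored.

TCP_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# tcpflags specs from mantunes' rules, in the order they were posted
POSTED_RULES = [
    "fin,urg,psh",                    # XMAS-style probe
    "!fin,!syn,!ack,!urg,!psh,!rst",  # NULL probe (no flags at all)
    "syn,fin,rst,ack",                # impossible combination
    "fin,!syn,!rst,!ack",             # bare FIN
    "syn,fin,!rst,!ack",              # SYN+FIN
    "urg,!syn,!fin,!rst,!ack",        # bare URG
]

def parse_tcpflags(spec):
    """Split an ipfw tcpflags spec into (must_set, must_clear) sets."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip().lower()
        clear = token.startswith("!")
        name = token[1:] if clear else token
        if name not in TCP_FLAGS:
            raise ValueError("unknown TCP flag: %r" % name)
        (must_clear if clear else must_set).add(name)
    return must_set, must_clear

def tcpflags_match(spec, flags):
    """True if a packet carrying `flags` satisfies the ipfw tcpflags spec."""
    must_set, must_clear = parse_tcpflags(spec)
    flags = set(f.lower() for f in flags)
    return must_set <= flags and not (must_clear & flags)

def matching_rules(flags, rules=POSTED_RULES):
    """1-based indexes of the posted rules that would deny this flag set."""
    return [i for i, spec in enumerate(rules, 1) if tcpflags_match(spec, flags)]

if __name__ == "__main__":
    # constructed samples: three probe shapes and two legitimate packets
    samples = {
        "xmas": {"fin", "psh", "urg"},
        "null": set(),
        "syn_fin": {"syn", "fin"},
        "handshake_syn": {"syn"},
        "data_ack": {"ack", "psh"},
    }
    for name, flags in samples.items():
        print("%-14s denied by rules %s" % (name, matching_rules(flags) or "none"))
```

Note that the XMAS shape is caught by two rules (1 and 4), which is harmless but worth knowing when you read ipfw counters.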
