Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

How to keep a computer from answering to ping?
crash-x
Posted: Sun Dec 08, 2002 9:58 pm

I added in my httpd.conf this:
Code:

ServerTokens Prod
ServerSignature Off


and in my proftpd.conf this:
Code:

ServerIdent             on      "FTP Server ready"

When I scan the banner I get this:
Quote:

-> starting banner scan for localhost
port 88: 220 FTP Server ready
port 80: Apache

When somebody scans my ports he gets this:
Quote:

Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on pxXxXxXx.dip.t-dialin.net (xx.xxx.xx.xxx):
(The 1599 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http
88/tcp open kerberos-sec
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.045 days (since Sun Dec 8 19:17:20 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 248 seconds
So what can I do that nmap can't see my OS and uptime?
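An added example, not part of crash-x's post and not code from Apache or ProFTPD: a small audit of the two banner settings shown in the post above, so the hardening can be checked from the config files rather than only by scanning. It assumes flat config text (no Include or per-virtual-host handling) and the documented defaults (ServerTokens Full, ServerSignature Off, ServerIdent on); the function names are hypothetical.

```python
import re

def effective(conf_text, names):
    """Last uncommented value of each named directive (names are case-insensitive)."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comments occupy whole lines
            continue
        parts = line.split(None, 1)
        if parts[0].lower() in names:
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit_apache(conf_text):
    """Findings for httpd.conf; unset directives fall back to Apache's defaults."""
    d = {"servertokens": "Full", "serversignature": "Off"}
    d.update(effective(conf_text, d.keys()))
    findings = []
    if d["servertokens"].lower() not in ("prod", "productonly"):
        findings.append(f"ServerTokens {d['servertokens']}: Server header shows more than 'Apache'")
    if d["serversignature"].lower() != "off":
        findings.append(f"ServerSignature {d['serversignature']}: footer added to server-generated pages")
    return findings

def audit_proftpd(conf_text):
    """Findings for proftpd.conf; an unset ServerIdent behaves like 'ServerIdent on'."""
    value = effective(conf_text, {"serverident"}).get("serverident", "on")
    m = re.match(r'(on|off)\s*(?:"([^"]*)")?\s*$', value, re.I)
    if m is None:
        return [f"ServerIdent {value}: could not parse"]
    state, text = m.group(1).lower(), m.group(2)
    if state == "on" and text is None:
        return ["ServerIdent on without a string: greeting names ProFTPD and its version"]
    if text and re.search(r"proftpd|\d+\.\d+", text, re.I):
        return [f"ServerIdent string still names a product or version: {text!r}"]
    return []

if __name__ == "__main__":
    # The two snippets from the post, followed by constructed weaker settings.
    print(audit_apache("ServerTokens Prod\nServerSignature Off\n"))
    print(audit_proftpd('ServerIdent             on      "FTP Server ready"\n'))
    print(audit_apache("#ServerTokens Prod\nServerSignature On\n"))
    print(audit_proftpd(""))
```

These settings only change what the services announce about themselves; the OS guess and uptime in the scan output come from the TCP/IP stack and are unaffected by them.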
gigsvoo
Posted: Tue Dec 10, 2002 3:48 am

Sorry but I am still wimping after I read all your guys pro's posts. Perhaps I should read some books on UNIX and Linux security. :)
browolf
Posted: Mon Dec 16, 2002 6:12 pm

browolf wrote:
delete852 wrote:
Well IpSec is just another VPN protocol as I remember, but to block ICMP requests on a win2k box, as I do in my home, do the following:
1) Open up MMC, and add in the IP Security snap-in
2) Create a new policy, name it whatever, and give it a description
3) Then look at its properties, click Edit. There you see which type of packet it sees, and what it does with it on the next tab. I have a Deny action, you might have to make one, I don't remember if it already was there. To create it go to Add, and just follow the boxes. It might seem overwhelming at the beginning, but you will get familiar with it soon. As for whether it will block P2P, I don't really know, it shouldn't really, but I don't know enough to give 100% advice. Try it, tell me how it goes.


I've managed to do it on my work computer, and nothing seems to have broken. But I don't use p2p on that :)


It's all gone pear-shaped. I had to disable it cos it seemed to be stopping me accessing printers. I have 20 odd network printers added so I could see when any got crammed up with jobs. Trouble is, I've removed the ipsec policy so I'm pingable again, but all the network printers are still showing "access denied unable to connect". I only had access to the ones I'm connected directly to (ie not thru a server).

aargh.

aha, from Google Groups, it might be cos I have restrict anonymous in the reg set to 2. I think I read that on a win2k lockdown page around the same time.

Tell u what happens when I've rebooted.
browolf
Posted: Mon Dec 16, 2002 6:18 pm

phew that fixed it. :D
delete852
Posted: Mon Dec 16, 2002 7:51 pm

Yea I didn't think that it might be something with IpSec. What protocol is used for printing? I know that for network printing you assign an IP address, but is IP bound with something? I also read something about Internet Printing Protocol, where it would give the user a lot of details about the printer, such as physical location, type and color of paper loaded, etc. Anyone heard anything on that?
werem00se
Posted: Tue Dec 17, 2002 3:16 am

Hey Beo...

restrictanonymous will kill netbios printing functionality since print queues rely partly on null sessions on p445 (MS-ds). It's a decent way to keep out moderately skilled enumerators, but armed with the NTRK, you can still enumerate and even connect to shares via null sessions. I'd have to find the white paper, but it's possible. As for the comment about closing p79 so someone can't fingerprint your OS, you're mixing 2 issues, fingerd and os printing for enumerating open/running services on a host. Finger is an actual daemon running on port 79 that allows one person to query a machine for an individual user:
[user@warpig.domain.net~]: $finger jdoe@homegrown
user unknown
[user@warpig.domain.net~]: $

Fingerprinting an operating system is done by systematically opening or attempting to open ports on a remote machine and examining the way in which things are either responded to or denied. I believe it was Bartman (nope, it was ST - my bad) that pointed out the trick of altering the TCP sequence your machine uses to fool NMAP. That's really the only way to do it on a stand alone machine without placing it behind a firewall or other edge device.

Personally, I don't mind responding to ping. There are a few ISPs and stuff that like their DNS servers to ping hosts. If you decide to drop ICMP, there are plenty of tools (HPING) that will allow you to ping via UDP. If you drop UDP, there are tools that will allow you to see if a host is up by the way it responds to dropped packets. (HPING again :p)

Fact of the matter is: If someone wants to find you they will. Blocking ICMP is only going to keep the lazy script kiddies out.

Also the port (?)gigsvoo was asking about getting printer info on is p's 137-9, and 445 (NetBios). NB is notorious for coughing up as much info as you want to dig for. Through null sessions, you don't even have to supply username/passwd to mount the share or print to it, get print info, mount the actual printers volume..the list goes on, and it's not just printers, it's anything NetBios. ./curses M$ !!!
All times are GMT + 2 Hours. Page 3 of 3.