[16737] in bugtraq
Re: The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs)
daemon@ATHENA.MIT.EDU (Walsh, Andrew)
Tue Sep 12 19:39:43 2000
Message-ID: <86256958.007BE30A.00@usmtacst02.aon.com>
Date: Tue, 12 Sep 2000 17:32:59 -0500
Reply-To: Andrew_Walsh@ASC.AON.COM
From: "Walsh, Andrew" <Andrew_Walsh@ASC.AON.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

> Since Sun Solaris answers an ICMP address mask request and OpenBSD does
> not, we can distinguish between those operating systems as well (they both
> answer ICMP Timestamp requests).
>
> This is a simple operating system fingerprinting method, which does not
> require additional and unusual patterns to be set.

You can disable both ICMP address mask request and ICMP Timestamp (broadcast and
unicast) under Solaris with ndd. The commands are:

    ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
    ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
    ndd -set /dev/ip ip_respond_to_timestamp 0

These are recommended by Sun (along with other fun ndd commands) in their
"Solaris Operating Environment Network Settings for Security" by Alex
Noordergraaf and Keith Watson, a Sun Blueprint available at
http://www.sun.com/blueprints.

Andrew Walsh
"My thoughts are my own, not my company's"