
stealth

Posted: Wed Mar 27, 2002 8:41 pm
by alamalola
hi,

just a short question: i compiled most of the network options, but i have a problem with the sysctl stuff:

root:/# echo 1 /proc/sys/kernel/grsecurity/altered_pings
1 /proc/sys/kernel/grsecurity/altered_pings
root:/# cat /proc/sys/kernel/grsecurity/altered_pings
0

as a result nmap can detect the linux system - and even the uptime. i use 2.4.18-grsec-1.9.4...


thanks

-and you are doing a great work!-

rrg

Posted: Wed Mar 27, 2002 11:42 pm
by spender
the problem is you're typing it in wrong.

echo 1 /proc/sys/kernel/grsecurity/altered_pings

^^^ don't do that!

echo 1 > /proc/sys/kernel/grsecurity/altered_pings

^^^ do that!...it's called stream redirection

you should enable all the networking features of grsecurity...right now no version of nmap can detect a system with grsecurity on it, and netcraft detects it as strange things (the grsecurity.net server appears as "unknown" and "solaris")

Posted: Thu Mar 28, 2002 5:55 am
by alamalola
ok, what a stupid mistake ...

echo 1 > /proc/sys/kernel/grsecurity/rand_ip_ids
echo 1 > /proc/sys/kernel/grsecurity/rand_tcp_src_ports
echo 1 > /proc/sys/kernel/grsecurity/rand_rpc
echo 1 > /proc/sys/kernel/grsecurity/altered_pings
echo 1 > /proc/sys/kernel/grsecurity/rand_ttl
root:~# cat /proc/sys/kernel/grsecurity/rand_ip_ids
1
root:~# cat /proc/sys/kernel/grsecurity/rand_tcp_src_ports
1
root:~# cat /proc/sys/kernel/grsecurity/rand_rpc
1
root:~# cat /proc/sys/kernel/grsecurity/altered_pings
1
root:~# cat /proc/sys/kernel/grsecurity/rand_ttl
1

but nmap can still find out the uptime of the system:

nmap -sT -O IP

Starting nmap V. 2.54BETA31 ( http://www.insecure.org/nmap/ )
Interesting ports on ():
(The 1553 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA31%P=i686-pc-linux-gnu%D=3/28%Time=3CA2DDD8%O=22%C=1)
TSeq(Class=RI%gcd=1%SI=41D153%IPID=RD%TS=100HZ)
TSeq(Class=RI%gcd=1%SI=41D423%IPID=RD%TS=100HZ)
TSeq(Class=RI%gcd=1%SI=41D42F%IPID=RD%TS=100HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)


Uptime 0.002 days (since Thu Mar 28 10:06:42 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 7 seconds

thanks
for your help

ah

Posted: Thu Mar 28, 2002 7:36 am
by spender
disable tcp timestamping...that's what it uses to determine the uptime. It's very difficult to fix that in linux, but i'll look at it again and see if i can write something.

echo 0 > /proc/sys/net/ipv4/tcp_timestamps
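
The write-then-read-back check from this thread, as an added example that is not part of the original posts and not grsecurity's own code: it applies the toggles named above and confirms each value actually landed, so a missing `>` or a kernel built without an option shows up immediately. `SYSCTL_ROOT`, `set_and_verify` and `apply_stealth` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: apply the sysctl toggles from this thread and verify each one
# by reading it back. SYSCTL_ROOT and the function names are hypothetical;
# SYSCTL_ROOT defaults to /proc/sys and can point at a scratch directory.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# path=value pairs taken from the posts above
STEALTH_SETTINGS="
kernel/grsecurity/rand_ip_ids=1
kernel/grsecurity/rand_tcp_src_ports=1
kernel/grsecurity/rand_rpc=1
kernel/grsecurity/altered_pings=1
kernel/grsecurity/rand_ttl=1
net/ipv4/tcp_timestamps=0
"

# set_and_verify PATH VALUE: write VALUE, read it back, report the outcome.
# Returns 0 only when the file reports the value that was requested.
set_and_verify() {
    file="$SYSCTL_ROOT/$1"
    if [ ! -e "$file" ]; then
        echo "MISSING  $1 (option not compiled in?)"
        return 1
    fi
    # The redirection is what actually writes; without '>' echo only prints.
    if ! { echo "$2" > "$file"; } 2>/dev/null; then
        echo "DENIED   $1 (not root, or read-only)"
        return 1
    fi
    actual=$(cat "$file")
    if [ "$actual" != "$2" ]; then
        echo "MISMATCH $1 wanted=$2 got=$actual"
        return 1
    fi
    echo "OK       $1=$2"
}

# apply_stealth: apply every setting; exit status is the number of failures.
apply_stealth() {
    failures=0
    for entry in $STEALTH_SETTINGS; do
        set_and_verify "${entry%%=*}" "${entry#*=}" || failures=$((failures + 1))
    done
    return "$failures"
}
```

Source the file and call `apply_stealth` as root; a non-zero status means at least one setting did not take effect.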