grsecurity forums

[alamalola]

hi,

just a short question: i compiled the most network options, but i have a problem with the sysctl stuff:

root:/# echo 1 /proc/sys/kernel/grsecurity/altered_pings
1 /proc/sys/kernel/grsecurity/altered_pings
root:/# cat /proc/sys/kernel/grsecurity/altered_pings
0

as a result nmap can detect the linux system - and even the uptime. i use 2.4.18-grsec-1.9.4...


thanks

-and you are doing a great work!-

[spender]

the problem is you're typing it in wrong.

echo 1 /proc/sys/kernel/grsecurity/altered_pings

^^^ don't do that!

echo 1 > /proc/sys/kernel/grsecurity/altered_pings

^^^ do that!...it's called stream redirection

you should enable all the networking features of grsecurity...right now no version of nmap can detect a system with grsecurity on it, and netcraft detects it as strange things (the grsecurity.net server appears as "unknown" and "solaris")

[alamalola]

ok, what a stupid mistake ...

echo 1 > /proc/sys/kernel/grsecurity/rand_ip_ids
echo 1 > /proc/sys/kernel/grsecurity/rand_tcp_src_ports
echo 1 > /proc/sys/kernel/grsecurity/rand_rpc
echo 1 > /proc/sys/kernel/grsecurity/altered_pings
echo 1 > /proc/sys/kernel/grsecurity/rand_ttl
root:~# cat /proc/sys/kernel/grsecurity/rand_ip_ids
1
root:~# cat /proc/sys/kernel/grsecurity/rand_tcp_src_ports
1
root:~# cat /proc/sys/kernel/grsecurity/rand_rpc
1
root:~# cat /proc/sys/kernel/grsecurity/altered_pings
1
root:~# cat /proc/sys/kernel/grsecurity/rand_ttl
1

but nmap can still find out the uptime of the system:

nmap -sT -O IP

Starting nmap V. 2.54BETA31 ( http://www.insecure.org/nmap/ )
Interesting ports on ():
(The 1553 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA31%P=i686-pc-linux-gnu%D=3/28%Time=3CA2DDD8%O=22%C=1)
TSeq(Class=RI%gcd=1%SI=41D153%IPID=RD%TS=100HZ)
TSeq(Class=RI%gcd=1%SI=41D423%IPID=RD%TS=100HZ)
TSeq(Class=RI%gcd=1%SI=41D42F%IPID=RD%TS=100HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)


Uptime 0.002 days (since Thu Mar 28 10:06:42 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 7 seconds

thanks
for your help

[spender]

disable tcp timestamping...that's what it uses to determine the uptime. It's very difficult to fix that in linux, but i'll look at it again and see if i can write something.

echo 0 > /proc/sys/net/ipv4/tcp_timestamps