root | 20 September, 2006 21:06
Using the scrub feature of PF, the firewall that ships with OpenBSD, operating-system detection tools can be misled to a degree. Put simply, scrub drops packets that do not conform to the RFCs (if you look into the details it does a lot more than that, a bit like a simple NIDS...).
From man pf.conf...
Traffic Normalization (e.g. scrub)
Traffic normalization protects internal machines against inconsistencies in Internet protocols and implementations.
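The two firewall states compared below differ only in whether pf.conf carries a scrub directive. The fragment that follows is an added example, not the configuration from the original post; the interface name and the numeric values are illustrative assumptions, and the option names are those of the OpenBSD 3.x pf.conf(5) syntax of the period (the nmap fingerprint on the page itself refers to "scrub in all").

```pf
# pf.conf fragment: traffic normalization (added example, not from the post).
# The interface name and all numeric values below are illustrative assumptions.
ext_if = "fxp0"

# Case 1 in the post: no scrub directive at all. Packets pass unmodified, so the
# scanner's malformed probes reach the host and the host's replies leave untouched,
# which is exactly what an OS fingerprinter needs.

# Case 2 in the post: normalize every packet arriving on any interface.
# This single line is the setting nmap's fingerprint database names on the page.
scrub in all

# A stricter variant of the same idea, split by direction:
#   no-df               clear the don't-fragment bit so fragments can be handled
#   min-ttl 64          raise unusually low TTLs to at least 64
#   max-mss 1440        clamp the advertised TCP MSS
#   fragment reassemble buffer fragments and pass only the reassembled packet
#   random-id           replace the IP ID of outgoing packets with a random value
#   reassemble tcp      statefully normalize TCP in both directions (timestamps,
#                       sequence checks), which is what degrades "TCP sequencing"
scrub in  on $ext_if all no-df min-ttl 64 max-mss 1440 fragment reassemble
scrub out on $ext_if all random-id
scrub     on $ext_if all reassemble tcp
```

Load the ruleset with `pfctl -f /etc/pf.conf` and confirm the scrub lines are active with `pfctl -sr` before repeating the scan. Note that from OpenBSD 4.6 onward the standalone `scrub` directive was removed and normalization is written as an option on match or pass rules instead, e.g. `match in all scrub (no-df random-id max-mss 1440)`; on those releases the 3.x lines above will not parse.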
How do we test it? You can see the results for yourself using Nmap and PF...
1) In the first case, a firewall with the scrub feature not enabled, and the nmap results; it identifies the system as if it had hit the bullseye.
# nmap -O 1.2.3.4.90
Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-09-20 12:52 EEST
Interesting ports on 1.2.3.4.90:
(The 1667 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
MAC Address: 00:02:B4:18:8D:24 (Intel)
Device type: general purpose
Running: OpenBSD 3.X
Nmap finished: 1 IP address (1 host up) scanned in 19.866 seconds
2) In the second case, the same scan is run against a firewall with the scrub feature enabled, and the result:
# nmap -P0 -O 1.2.3.4.90
Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-09-20 12:54 EEST
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on 1.2.3.4.90:
(The 1667 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
MAC Address: 00:02:B4:18:8D:24 (Intel)
Device type: general purpose
Running: Novell NetWare 6.X, OpenBSD 3.X
OS details: Novell Netware 6 (no service packs), OpenBSD 3.3 x86 with pf “scrub in all”, OpenBSD 3.5 or 3.6
Nmap finished: 1 IP address (1 host up) scanned in 25.901 seconds