i have a CentOS 5.1 server running sshd (exposed to the outside world).
i'd like to use iptables to fool nmap into thinking i'm running another O/S.
e.g.: iptables -t mangle -A PREROUTING -d 192.168.0.64 -j PERS \ --tweak dst --local --conf /etc/personalities/macos9.conf
iptables -t mangle -A OUTPUT -d 192.168.0.64 -j PERS \ --tweak src --local --conf /etc/personalities/macos9.conf
all of the tutorials on iptables i've found take me through steps that involve a kernel recompile ... do i really need to do this?
is there a tutorial that provides a somewhat large degree of detail on how to do what i'm interested in doing? i haven't compiled a kernel in approx. a decade (slackware). of course, i'd like to avoid the kernel recompile if possible.
thanks --tom
Tom Laramee wrote:
i have a CentOS 5.1 server running sshd (exposed to the outside world).
i'd like to use iptables to fool nmap into thinking i'm running another O/S.
How would that help?
AFAIK, security via obscurity does not really take us long. i believe as long as you have a good set of rules protecting you, its unnecessary to do all the hard work in impersonating another OS.
But its only me.
-
Anup Shukla -
Tom Laramee