Avoid OS detection on OpenBSD

LinaSovereign - 26th June 2017 - Network / OpenBSD / Security

You know what we say about OpenBSD: Free, Functional, and… Secure.


Hosting a public server exposes you to many different attacks. Most are random, but you may be targeted by a “real attacker” who will first gather information, such as the kind of operating system you are running.

Finding out what system runs on a server is actually easy. With Nmap, here is a simple way to check what system runs on my gaming computer:

lina@blog:~$ doas nmap -sS -O 192.168.1.42

Nmap scan report for gaming-pc.cagedmonster.net (192.168.1.42)
Host is up (0.00032s latency).
Not shown: 991 filtered ports
MAC Address: 74:D0:2B:9C:B3:A9 (Asustek Computer)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Microsoft Windows 10 build 10586 - 14393 (95%), Microsoft Windows Phone 7.5 or 8.0 (94%), Microsoft 
Windows 10 build 10586 (93%), Microsoft Windows Server 2008 R2 or Windows 8.1 (93%), Microsoft Windows 7 Professional or 
Windows 8 (93%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (93%), Microsoft Windows 
Embedded Standard 7 (93%), Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (93%), Microsoft Windows 
Server 2008 R2 (91%), Microsoft Windows Server 2008 SP1 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.31 seconds

OS detection tools use a lot of data, such as:

  • TCP ISN sampling
  • TCP options support and ordering
  • IP ID sampling
  • Window size check…
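
To make these signals concrete, here is an added example (not part of the original post) that pulls the fields listed above out of a raw IPv4+TCP reply, so you can see what your own server exposes in a captured SYN-ACK. The sample packet, its addresses and the function names are constructed for illustration.

```python
import struct

# TCP option kinds to short names (kind numbers per the IANA TCP registry).
OPT_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WS", 4: "SACKOK", 8: "TS"}

def tcp_option_order(opts: bytes) -> list:
    """Return TCP option names in the order they appear on the wire."""
    order, i = [], 0
    while i < len(opts):
        kind = opts[i]
        order.append(OPT_NAMES.get(kind, f"opt{kind}"))
        if kind == 0:                      # EOL ends the option list
            break
        if kind == 1:                      # NOP is one byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                          # truncated or malformed option
        i += opts[i + 1]
    return order

def fingerprint_fields(packet: bytes) -> dict:
    """Pull the fields from the list above out of a raw IPv4+TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4 TCP packet")
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off = (tcp[12] >> 4) * 4          # TCP header length in bytes
    return {
        "ip_id": struct.unpack("!H", packet[4:6])[0],
        "isn": struct.unpack("!I", tcp[4:8])[0],   # ISN when SYN is set
        "window": struct.unpack("!H", tcp[14:16])[0],
        "options": tcp_option_order(tcp[20:data_off]),
    }

def id_steps(ip_ids: list) -> list:
    """Differences between successive IP IDs (mod 2**16); constant small
    steps mean a predictable counter, scattered values mean randomised IDs."""
    return [(b - a) % 65536 for a, b in zip(ip_ids, ip_ids[1:])]

# Constructed SYN-ACK (documentation addresses, checksums left at zero).
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 64, 0x1C46, 0x4000, 64, 6, 0,
                bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    + struct.pack("!HHIIBBHHH", 22, 50000, 0x9E3779B9, 1, 0xB0, 0x12, 16384, 0, 0)
    + bytes.fromhex("020405b4" "01010402" "01030306" "0101080a" "0000000100000000")
)

if __name__ == "__main__":
    print(fingerprint_fields(SAMPLE))
    print(id_steps([7238, 7239, 7240]))
```

A single reply gives the window size and option ordering; the ISN and IP ID items are "sampling" checks, so they only become meaningful when several replies are compared, as `id_steps` does for IP IDs.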

But… because we are running OpenBSD and using its powerful firewall, Packet Filter (PF), we can do something about this.
