This is a kernel patch to prevent stealth, fin, and rst scans. Also slows down the tcp connect scan. Tested on debian potato running 2.4.16. Tested with nmap and queso - Changes OS fingerprint.
34dc5fef83c2a347dc0f9e61a28b304f44dd7ead8a44a36b2bf875b32880c4a0
This is a patch that prevents stealth, FIN, and RST scans and slows
down the TCP connect scan. On the 2.4.16 kernel it also keeps the scanner
from fingerprinting the remote OS. Tested on Debian potato running 2.4.16
with nmap and queso.
You have to recompile your kernel with the nmap-freak-patch option
checked,
and to turn on the antiscan feature you set it through /proc:
echo 1 > /proc/sys/net/ipv4/tcp_restrict
echo 1 > /proc/sys/net/ipv4/icmp_restrict
jaguar@vcert.org
----------------cut here------------------------
Only in linux-2.4.16/net/ipv4/: .depend
diff -uxr kernel-source-2.4.16/net/ipv4/Config.in linux-2.4.16/net/ipv4/Config.in
--- kernel-source-2.4.16/net/ipv4/Config.in Sat Sep 29 08:13:17 2001
+++ linux-2.4.16/net/ipv4/Config.in Mon Jan 28 05:59:51 2002
@@ -48,6 +48,7 @@
bool ' IP: disable ECN support by default' CONFIG_INET_ECN_DISABLED
fi
bool ' IP: TCP syncookie support (disabled per default)' CONFIG_SYN_COOKIES
+bool ' IP: NMAP freak patch ' NMAP_FREAK_PATCH
if [ "$CONFIG_NETFILTER" != "n" ]; then
source net/ipv4/netfilter/Config.in
fi
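Review bot: The new symbol `NMAP_FREAK_PATCH` is the only one in this hunk without the `CONFIG_` prefix that `CONFIG_INET_ECN_DISABLED`, `CONFIG_SYN_COOKIES` and `CONFIG_NETFILTER` all carry. The kernel's configuration and dependency tooling is built around that prefix, so toggling the option may not reliably trigger a rebuild of the affected files; this should be confirmed against the 2.4 build scripts. I would rename it, `bool '  IP: NMAP freak patch' CONFIG_NMAP_FREAK_PATCH`, and change every `#ifdef NMAP_FREAK_PATCH` in icmp.c, sysctl_net_ipv4.c and tcp_ipv4.c to match. The visible patch also adds no help text, so the prompt gives an administrator no hint that the option changes how the host answers ICMP and TCP.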
diff -uxr kernel-source-2.4.16/net/ipv4/icmp.c linux-2.4.16/net/ipv4/icmp.c
--- kernel-source-2.4.16/net/ipv4/icmp.c Thu Nov 8 04:09:36 2001
+++ linux-2.4.16/net/ipv4/icmp.c Mon Jan 28 05:47:52 2002
@@ -143,6 +143,10 @@
int sysctl_icmp_echo_ignore_all;
int sysctl_icmp_echo_ignore_broadcasts;
+#ifdef NMAP_FREAK_PATCH
+int sysctl_icmp_restrict = 0;
+#endif
+
/* Control parameter - ignore bogus broadcast responses? */
int sysctl_icmp_ignore_bogus_error_responses;
@@ -783,7 +787,10 @@
icmp_param.offset=0;
icmp_param.data_len=0;
icmp_param.head_len=sizeof(struct icmphdr)+12;
+#ifdef NMAP_FREAK_PATCH
+ if(!sysctl_icmp_restrict)
icmp_reply(&icmp_param, skb);
+#endif
}
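Review bot: The `#endif` sits after `icmp_reply(&icmp_param, skb);`, so a kernel built without NMAP_FREAK_PATCH compiles the reply call out entirely and never answers the request handled here. Only the condition should be guarded: move `#endif` up so the block reads `#ifdef NMAP_FREAK_PATCH` / `if (!sysctl_icmp_restrict)` / `#endif`, followed by an unconditional `icmp_reply(&icmp_param, skb);`. This is the only ICMP reply gated in the visible hunks (the `+12` header length suggests the timestamp handler), so a comment should say which message types `icmp_restrict` actually suppresses. The enclosing function starts outside the hunk.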
Common subdirectories: kernel-source-2.4.16/net/ipv4/netfilter and linux-2.4.16/net/ipv4/netfilter
diff -uxr kernel-source-2.4.16/net/ipv4/sysctl_net_ipv4.c linux-2.4.16/net/ipv4/sysctl_net_ipv4.c
--- kernel-source-2.4.16/net/ipv4/sysctl_net_ipv4.c Wed Oct 31 04:38:12 2001
+++ linux-2.4.16/net/ipv4/sysctl_net_ipv4.c Mon Jan 28 06:13:38 2002
@@ -35,6 +35,11 @@
extern int sysctl_icmp_ratelimit;
extern int sysctl_icmp_ratemask;
+#ifdef NMAP_FREAK_PATCH
+extern int sysctl_icmp_restrict;
+extern int sysctl_tcp_restrict;
+#endif
+
/* From igmp.c */
extern int sysctl_igmp_max_memberships;
@@ -153,6 +158,11 @@
{NET_TCP_SYNCOOKIES, "tcp_syncookies",
&sysctl_tcp_syncookies, sizeof(int), 0644, NULL, &proc_dointvec},
#endif
+#ifdef NMAP_FREAK_PATCH
+ {NET_IPV4_ICMP_RESTRICT , "icmp_restrict", &sysctl_icmp_restrict, sizeof(int), 0644, NULL, &proc_dointvec},
+ {NET_IPV4_TCP_RESTRICT , "tcp_restrict", &sysctl_tcp_restrict, sizeof(int), 0644,NULL, &proc_dointvec},
+#endif
+
{NET_TCP_TW_RECYCLE, "tcp_tw_recycle",
&sysctl_tcp_tw_recycle, sizeof(int), 0644, NULL, &proc_dointvec},
{NET_TCP_ABORT_ON_OVERFLOW, "tcp_abort_on_overflow",
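Review bot: The two added table entries use `NET_IPV4_ICMP_RESTRICT` and `NET_IPV4_TCP_RESTRICT`, but no hunk in this patch defines either identifier, and the diff covers only net/ipv4/. Unless they are added in a part of the patch not shown here, the build fails as soon as the option is enabled. The patch needs a matching hunk that adds both names, with unused numeric values, to the sysctl header that declares the neighbouring `NET_TCP_*` identifiers. The hunk's trailing context cuts through the `NET_TCP_ABORT_ON_OVERFLOW` entry, so the rest of the table is outside this view.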
diff -uxr kernel-source-2.4.16/net/ipv4/tcp_ipv4.c linux-2.4.16/net/ipv4/tcp_ipv4.c
--- kernel-source-2.4.16/net/ipv4/tcp_ipv4.c Mon Nov 5 23:16:12 2001
+++ linux-2.4.16/net/ipv4/tcp_ipv4.c Mon Jan 28 05:56:33 2002
@@ -63,6 +63,10 @@
#include <linux/stddef.h>
#include <linux/ipsec.h>
+#ifdef NMAP_FREAK_PATCH
+int sysctl_tcp_restrict = 0;
+#endif
+
extern int sysctl_ip_dynaddr;
/* Check TCP sequence numbers in ICMP packets. */
@@ -1038,6 +1042,12 @@
struct tcphdr *th = skb->h.th;
struct tcphdr rth;
struct ip_reply_arg arg;
+
+#ifdef NMAP_FREAK_PATCH
+if(sysctl_tcp_restrict)
+return;
+#endif
+
/* Never send a reset in response to a reset. */
if (th->rst)
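Review bot: The added `if(sysctl_tcp_restrict) return;` suppresses every reset this function would send, not only those provoked by scan probes. A legitimate peer that reaches a closed port or holds a stale connection will therefore wait for a timeout instead of getting an immediate refusal. That trade-off should be recorded above the check, e.g. `/* tcp_restrict: send no RST at all; closed ports look filtered, legitimate clients fail slowly */`. The two added lines are also flush left and should be tab-indented like the declarations above them. The function's signature and the rest of its body are outside the hunk.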
-----------------------------------------------------------------