How to HIDE "OpenBSD" as user-agent? For security reasons it is sometimes interesting to hide GLOBALLY the O.S. you are running on AGAINST GIVING ANY CLUE TO HACKERS ABOUT HOW TO ATTACK YOU. Not only browsing but globally. Thanks for any tip about this.
seen some pf.conf settings against remote OS detection at http://nmap.org/misc/defeat-nmap-osdetect.html#OPENBSD: "The OpenBSD packet filter can also be configured to try to defeat remote OS Fingerprint.." and at http://hackepedia.org/?title=Pf :

    # block nmap OS detection scans somewhat (-O)
    block in quick proto tcp flags FUP/WEUAPRSF
    block in quick proto tcp flags WEUAPRSF/WEUAPRSF
    block in quick proto tcp flags SRAFU/WEUAPRSF
    block in quick proto tcp flags /WEUAPRSF
    block in quick proto tcp flags SR/SR
    block in quick proto tcp flags SF/SF

Any tips for a full pf.conf settings ?

On Tue, 29 Apr 2008 06:18:38 -0600
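What the six quoted rules actually match, as an added example that is not part of the original thread: it evaluates pf's `flags a/b` test (per pf.conf(5): of the flags in b, exactly those in a are set) against a few constructed flag combinations. The function names and sample packets are assumptions made for illustration.

```python
# Added example: evaluates pf "flags a/b" matching for the rules quoted above.
# pf.conf(5): of the flags listed in b, exactly those in a must be set;
# flags not listed in b are ignored. An empty a means "none of b set".
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

# The six flag specs from the quoted rules, in order ("quick" = first match wins).
RULES = ["FUP/WEUAPRSF", "WEUAPRSF/WEUAPRSF", "SRAFU/WEUAPRSF",
         "/WEUAPRSF", "SR/SR", "SF/SF"]


def to_bits(letters):
    """Convert pf flag letters (e.g. 'SA') to the TCP flags byte."""
    bits = 0
    for ch in letters:
        bits |= FLAG_BITS[ch]
    return bits


def rule_matches(spec, pkt_bits):
    """True if a packet with flags pkt_bits matches pf spec 'a/b'."""
    want, _, mask = spec.partition("/")
    return (pkt_bits & to_bits(mask)) == to_bits(want)


def first_blocking_rule(pkt_letters):
    """Return the first quoted rule that would drop the packet, or None."""
    pkt_bits = to_bits(pkt_letters)
    for spec in RULES:
        if rule_matches(spec, pkt_bits):
            return spec
    return None


# Constructed sample packets (flag letters only), not captured traffic.
SAMPLES = ["S", "SA", "A", "SEW", "", "FUP", "SF", "SR", "SFUP", "WEUAPRSF"]

if __name__ == "__main__":
    for pkt in SAMPLES:
        verdict = first_blocking_rule(pkt) or "no match (falls through)"
        print(f"{pkt or '(none)':10} -> {verdict}")
```

An ordinary SYN, SYN+ACK, ACK, or a SYN carrying the ECN bits matches none of the six rules, so these rules only drop abnormal flag combinations and leave the handling of normal traffic to the rest of the ruleset.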
Well since the OP wanted to block ALL user agents from absolutely everywhere and doesn't mind security by obscurity, may I suggest the following:

    block in quick all
    block out quick all

That's as secure as you can get by going for obscurity, without turning off the computer!
I think unplugging the network cable(s) would be more secure.
What if the OP is on wireless? (Using WEP too! :O). I suggest they have the block all rules anyway, just to be safe... ya know, in case of a thunder storm, kids may not want to go outside, and start doing crazy things inside, such as plugging the network cable back in...
Write your own TCP/IP stack. But please read all the other replies before you do so. On Tue, Apr 29, 2008 at 6:30 PM, macintoshzoom
This is an obscurity hack and an all round bad idea.
If you REALLY must do this (dunno why) enjoy hacking the code of anything
you find on your box that can be used as a network client.
Have fun :D
On Tue, Apr 29, 2008 at 2:18 PM, macintoshzoom <macintoshzoom@lavabit.com>
--
I have heard there are troubles of more than one kind.
Some come from ahead and some from behind.
But I've bought a big bat. I'm all ready you see.
Now my troubles are going to have troubles with me!
-- Dr. Seuss

Yes it's an obscurity hack, but that doesn't make it a bad idea in general. When I'm browsing from my work computer I'm very easy to trace anywhere in logs because of the OpenBSD, KDE and Seamonkey combination. From a security point of view it's plain stupid, but regarding privacy the question isn't a bad idea. +++chefren
Now this idea: I don't have an issue with. For HoneyPot systems, obviously, you want to "Attract attention", you setup attractive, known buggy user agent strings and the like for other services. Then watch who attempts. For Silent Lurker systems, you want an obscure response to things like the HTTP User Agent string but if you use things like Opera, Firefox, or Apple's Safari, You could select a false User-Agent string to send. For other "Services" the Silent Lurker is going to respond to, you could be more obscure: Like not send anything at all... But then Again. I would tend to use the Silent Lurker method "If" I was surfing for 'Pr0n' but instead I just use an expendable Windows 2000 system running firefox *"With Delete everything when done"* setting turned on in a PF'ed DMZ lan segment, logged in as administrator (with full rights) with a machine name of IDONTCARE or something like that. When it goes Zoop, I ghost a copy back over.
I'm removing all lists except misc@ from cc:, And please, will you STOP CROSS POSTING ? Thanks -- Gilles Chehade http://www.poolp.org/
Sorry about the previous cross post,... sorry been working 37 hours straight and forgot to check.
[...]
in my opinion this is ridiculous. no, wait, it is a troll.
cel
--
Christopher Linn <celinn at mtu.edu> | By no means shall either the CEC
System Administrator II | or MTU be held in any way liable
Center for Experimental Computation | for any opinions or conjecture I
Michigan Technological University | hold to or imply to hold herein.

Hi, On Tue, Apr 29, 2008 at 1:18 PM, macintoshzoom Cross posting like this is considered plain rude. It belonged on misc@. Also the user-agent depends upon the client and therefore is not openbsd related. Edd
IIRC privoxy does what you want. On Tue, Apr 29, 2008 at 2:18 PM, macintoshzoom
In hopes of preventing your ending up singed and blackened around the edges... On Tue, Apr 29, 2008 at 2:18 PM, macintoshzoom It is not. As pointed out on these lists countless times now, attackers will throw everything they have and see what (if anything) makes it through. They don't care how they break in, all they want is to use your systems to their ends. Do everyone a favour and stop believing in security through obscurity. Cheers, Rogier -- If you don't know where you're going, any road will get you there.
Do you really think that obscure things make them more secure? One more thing, don't cross post! Doing that, you are a serious candidate to be flamed. Pedro
Step 1: don't post what OS you use to *four* mailing lists.. Step 2: ermm, you didn't post enough useful information to suggest a step 2.
On Tue, Apr 29, 2008 at 2:18 PM, macintoshzoom Have people still not learned anything about security through obscurity? No need to shout or cc all the mailing lists please.
Which of course is bullshit, since the last 10+ years. They will attack you, OpenBSD or not. What matters is not if you claim to be windows95 or not, but if you in fact are vulnerable or not.
I don't know, but I do know that cross-posting all over the place does not help to solve your problem. -Otto
First, I find it hard not to think this is a troll. Second, please don't cross post to nearly every OpenBSD list. Third, security through obscurity and all that.... _sigh_ jim
