i have a CentOS 5.1 server running sshd (exposed to the outside world). i'd like to use iptables to fool nmap into thinking i'm running another O/S. e.g.: iptables -t mangle -A PREROUTING -d 192.168.0.64 -j PERS \ --tweak dst --local --conf /etc/personalities/macos9.conf iptables -t mangle -A OUTPUT -d 192.168.0.64 -j PERS \ --tweak src --local --conf /etc/personalities/macos9.conf all of the tutorials on iptables i've found take me through steps that involve a kernel recompile ... do i really need to do this? is there a tutorial that provides a somewhat large degree of detail on how to do what i'm interested in doing? i haven't compiled a kernel in approx. a decade (slackware). of course, i'd like to avoid the kernel recompile if possible. thanks --tom
Tom Laramee wrote:> > i have a CentOS 5.1 server running sshd (exposed to the outside world). > > i'd like to use iptables to fool nmap into thinking i'm running another > O/S. >How would that help? AFAIK, security via obscurity does not really take us long. i believe as long as you have a good set of rules protecting you, its unnecessary to do all the hard work in impersonating another OS. But its only me. -- Regards, Anup Shukla