Re: The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs)

["Walsh, Andrew" <Andrew_Walsh () ASC AON COM>]

> Since Sun Solaris answer for an ICMP address mask request and OpenBSD does
> not, we can distinguish between those operating systems as well (they both
> answer for ICMP Timestamp request).
>
> This is a simple operating system fingerprinting method, which does not
> require additional and unusual patterns to be set.

You can disable both ICMP address mask request and ICMP Timestamp (broadcast and
unicast) under Solaris with ndd.  The commands are:

ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
ndd -set /dev/ip ip_respond_to_timestamp 0

These are recommended by Sun (along with other fun ndd commands) in their
"Solaris Operating Environment Network Settings for Security By Alex
Noordergraaf and Keith Watson", a Sun Blueprint available at
http://www.sun.com/blueprints.

Andrew Walsh

"My thoughts are my own, not my companies"