My Centos, Tips,article,how to,guide,intro to centos,

The computer on ? ? network is used very easily by the hacker tool or other method undertake scanning,With seeking the loophole in the system,Have charge in the light of flaw again next.

? ? adopts camouflage Linux system,To false appearance of hacker setting system,Can increase a hacker to analytic difficulty of the system,Entice them to take the wrong turning,The security that improves interconnected system of computer science department further thereby.It is with Red Hat Linux below exemple,The method that in the light of a few kinds of hackers' commonly used way introduction a few commonly used Linux systems pretend.

? ? serves in the light of HTTP

The kind that ? ? knows server of Web of beyond the mark analyse,The type that can figure drill makes a system roughly,For instance,Windows use IIS will offer HTTP to serve,And the commonnest in Linux is Apache.

The mechanism is protected without any information in the Apache configuration with ? acquiescent ? ,And allow catalog browse.Browse through catalog,Can obtain normally similar " Apache/1.3.27 Server At Apache.linuxforum.net Port 80 " or " Apache/2.0.49 (Unix) PHP/4.3.8 " information.

? ? configures the ServerTokens parameter in the file through revising,Can conceal the pertinent information of Apache.But,The Apache that Red Hat Linux runs is the program that has compiled,Clew information is compiled in the program,The source code that should conceal these information to need to revise Apache,Next,Compile installation program afresh,Replace the clew content inside in order to come true.

? ? is with Apache 2.0.50 exemple,Editor Ap_release.h file,Revise " #define AP_SERVER_BASEPRODUCT \ "Apache\" " for " #define AP_SERVER_BASEPRODUCT \"Microsoft-IIS/5.0\" " .Editor Os/unix/os.h file,Revise " #define PLATFORM \"Unix\" " for " #define PLATFORM \"Win32\ " " .Revise after ending,Compile afresh, installation Apache.

After installation of ? ? Apache is finished,Modification Httpd.conf configures a file,Will " ServerTokens Full " instead " ServerTokens Prod " ;Will " ServerSignature On " instead " ServerSignature Off " ,Save file to disk next exit.After the new Apache that start,Into line scanning with the tool,In discovering clew message, had shown the operating system is Windows.

? ? serves in the light of FTP

? ? serves through FTP,The type of OK also and conjectural operating system,For instance,The FTP service below Windows is Serv-U more,And the commonly used Vsftpd, Proftpd and Pureftpd software below Linux.

? ? is with Proftpd exemple,Proftpd.conf of modification configuration file,Add following content:

ServerIdent On \"Serv-U FTP Server V5.0 For WinSock Ready of ? of ? ? ? . . . \ "

? ? saves file to disk after exiting,The new Proftpd that start serves,The FTP server that loginned to amend clew information has a test:

C:\ of ? of ? ? ?\>ftp 192.168.0.1

Connected To 192.168.0.1 of ? of ? ? ? .

220 Serv-U FTP Server V5.0 For WinSock Ready of ? of ? ? ? . . .

User (192.168.0.1:(of ? of ? ? ?None)) :

331 Password Required For (none) of ? of ? ? ? .

? of ? ? ? Password:

530 Login Incorrect of ? of ? ? ? .

Login Failed of ? of ? ? ? .

Ftp > Quit of ? of ? ? ?

221 Goodbye of ? of ? ? ? .

? ? such from apparently look,The server was running the Windows of Serv-U namely.

? ? is aimed at TTL return of value

? ? can explore a lead plane with Ping command,Can figure according to TTL base the type of the operating system.Did not pass any gateway and grade to by network,The TTL that system of direct Ping the other side gets is worth,Be called " TTL base " .In the network,Data wraps every to pass a grade by implement,TTL can be decreased 1,It is when TTL 0 when,This data bag can be discarded.

Normally the circumstance issues ? ? ,The base of the TTL of Windows is 128,And the TTL base of inchoate Red Hat Linux and Solaris is 255,The TTL base of the Red Hat Linux of FreeBSD and new version is 64.For instance,Ping system of a Red Hat,Show as follows:

Pinging 192.168.0.1 With 32 Bytes Of Data of ? of ? ? ? :

Reply From 192.168.0.1 of ? of ? ? ? : Bytes=32 Time <10ms TTL=64

Reply From 192.168.0.1 of ? of ? ? ? : Bytes=32 Time <10ms TTL=64

Reply From 192.168.0.1 of ? of ? ? ? : Bytes=32 Time <10ms TTL=64

Reply From 192.168.0.1 of ? of ? ? ? : Bytes=32 Time <10ms TTL=64

Ping Statistics For 192.168.0.1 of ? of ? ? ? :

Packets of ? of ? ? ? : Sent = 4, received = 4, lost = 0 (0% Loss) ,

Approximate Round Trip Times In Milli-seconds of ? of ? ? ? :

Minimum = 0ms of ? of ? ? ? , maximum = 0ms, average = 0ms

The TTL base that modification Red Hat Linux commands below ? ? in order to is 64) originally for 128(:

# Echo 128 > /proc/sys/net/ipv4/ip_default_ttl of ? of ? ? ?

If ? ? wants to make install permanent become effective,Can revise / Etc/sysctl.conf configures a file,Add following group:

Net.ipv4.ip_default_ttl = 128 of ? of ? ? ?

? ? is saved after exiting,Again Ping 192.168.0.1,TTL base turns into 128.

? ? is mixed in the light of 3389 port 22 port

? ? passes scanning sometimes 3389 port with 22 port,The type of OK also and conjectural operating system.The 3389 port that TCP agreement uses commonly below Windows undertake be controllinged remotely,And the 22 port that Linux may use TCP agreement,Offer contain add close transmission SSH serves.

? ? for safety,The SSH that can use Iptables to restrict 22 port logins,The existence that lets be not the IP scanning of accredit to be less than TCP 22 port:

#iptables -I INPUT -s of ? of ? ? ? ! Xx.xx.xx.xx -p Tcp- - Dport 22 -j DROP

? ? uses Iptables,the TCP 3389 port of this machine move opens the computer that has 3389 port to go up to other,The TCP 3389 port that puts on to provide a service to Linux system bogus.The order is as follows:

#echo 1 > /proc/sys/net/ipv4/ip_forward of ? of ? ? ?

#iptables -t Nat -I PREROUTING -p Tcp of ? of ? ? ?- - Dport 3389 -j DNAT- - To Xx.xx.xx.xx

#iptables -t Nat -I POSTROUTING -p Tcp of ? of ? ? ?- - Dport 3389 -j MASQUERADE

? ? commands the first times express to allow data to wrap transmit;The second command states transmit TCP 3389 arrives Xx.xx.xx.xx;The third command expresses to make transmit data includes implementation " two-way access " ,To data the bag installs to return a passageway correctly.If want to make transmit permanent become effective,Can add above command / in Etc/rc.local file.

? ? such,When what hacker scanning server opens port,Cannot find 22 port,The 3389 port that see a camouflage however,The type that cannot judge an operating system correctly thereby.

? ? is aimed at Netcraft

? ? Netcraft is a very fierce scanning engine,It passes simple TCP 80,Wu of kimono of program of service of the operating system that can know to measure a server, Web implement switch on the mobile phone time (the information such as Uptime) .

A few kinds of methods that introduce above ? ? to Netcraft,All not be successful.In the light of Netcraft,Can use Iptables to undertake the system is pretended,Make Netcraft mistake judges an operating system:

#iptables -t Nat -I PREROUTING -s 195.92.95.0/24 -p of ? of ? ? ?

Tcp of ? of ? of ? ? ?- - Dport 80 -j DNAT- - To Xx.xx.xx.xx

#iptables -t Nat -I POSTROUTING -s 195.92.95.0/24 -p of ? of ? ? ?

Tcp of ? of ? of ? ? ?- - Dport 80 -j MASQUERADE

Because ? ? passes the discovery that grab a sack,The server of Netcraft is more than,So need is in a net to it paragraph undertake transmit cheats processing.

? ? brief summary

Method of ? ? above can prevent from some kind of angle only and the obstruct hacker analysis to systematic flaw,In the possibility that the computer can reduce to be atttacked on certain level,But remain " prevent gentleman,Do not prevent a mean person " ,It is the new thinking that offers a work to learn to be used alive to everybody only.