Linux pages by Andrix

Linux 2.2 STEALTH patch

A patch for the Linux 2.2 kernel series (2.2.17 and later) that adds network stealth capabilities. These patches will make your machine all but invisible on the network and seriously affect the efficiency of portscanners and OS fingerprinting.

This patch has been built by combining features of two similar patches I've found on the net. See below for the original patches and authors.

Features

  • Adds the ability to make your machine almost invisible on the network. The standard TCP/IP stack already gives you the option to ignore ICMP broadcasts and not reply to them, or to ignore ICMP completely; this patch adds more such features to your kernel, controlled via /proc. These features are not enabled by default.
    • Do not send TCP RST packets (no "Connection Refused")
    • Do not send ICMP_UNREACH on udp (Prevents UDP portscans)
    • Do not reply to ICMP requests (Excluding ping)
    • Do not reply to IGMP requests
  • Add STEALTH scan protections (not enabled by default, configured via /proc) :
    • Ignore invalid TCP ACK packets
    • Ignore packets with bogus flags
    • Ignore SYN/FIN scans
  • STEALTH logger :
    • LOG all dropped bogus packets
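
As an added illustration (not code from the patch), the stateless checks behind "bogus flags" and "SYN/FIN scans" can be sketched as a classifier over the TCP flag byte. The rule set, the verdict names and the sample flag bytes are assumptions made for this example; the "invalid TCP ACK" check needs connection state and is not covered.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flag bits in byte 13 of the TCP header (RFC 793). */
enum { TCPF_FIN = 0x01, TCPF_SYN = 0x02, TCPF_RST = 0x04,
       TCPF_PSH = 0x08, TCPF_ACK = 0x10, TCPF_URG = 0x20 };

enum verdict { PKT_OK, PKT_SHORT, PKT_NULL, PKT_SYN_FIN, PKT_SYN_RST,
               PKT_XMAS, PKT_FIN_NOACK };

/* Classify one TCP header by its flag byte alone (assumed rule set, not the
 * patch's). Anything other than PKT_OK would be dropped silently and logged. */
enum verdict classify_tcp(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 20)            /* shorter than a minimal TCP header */
        return PKT_SHORT;
    uint8_t f = hdr[13] & 0x3f;             /* keep the six RFC 793 flag bits */
    if (f == 0)
        return PKT_NULL;                    /* NULL scan: no flags at all */
    if ((f & TCPF_SYN) && (f & TCPF_FIN))
        return PKT_SYN_FIN;                 /* open and close in one segment */
    if ((f & TCPF_SYN) && (f & TCPF_RST))
        return PKT_SYN_RST;
    if (!(f & TCPF_ACK) && (f & TCPF_FIN) && (f & TCPF_PSH) && (f & TCPF_URG))
        return PKT_XMAS;                    /* FIN+PSH+URG without ACK */
    if ((f & TCPF_FIN) && !(f & TCPF_ACK))
        return PKT_FIN_NOACK;               /* FIN scan: FIN outside a connection */
    return PKT_OK;
}

/* Wrap a flag byte in an otherwise zeroed 20-byte header and classify it. */
enum verdict classify_flags(uint8_t flags)
{
    uint8_t hdr[20] = {0};
    hdr[13] = flags;
    return classify_tcp(hdr, sizeof hdr);
}

/* Constructed sample flag bytes: four legitimate, five scanner-style. */
static const uint8_t sample_flags[] = { 0x02, 0x12, 0x10, 0x11,
                                        0x00, 0x03, 0x06, 0x29, 0x01 };

int main(void)
{
    for (size_t i = 0; i < sizeof sample_flags; i++)
        printf("flags=0x%02x verdict=%d\n", (unsigned)sample_flags[i],
               (int)classify_flags(sample_flags[i]));
    return 0;
}
```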

Results

With all of the above options enabled, the following results have been obtained with a Slackware Linux 7.0 machine with kernel 2.2.17 :

  • Port scanning for TCP or UDP ports on this machine takes forever
  • OS fingerprinting by nmap 2.53 goes wild. Once it was identified as Sun Solaris 2.4, other times as a Bay Networks router, and other times fingerprinting was not possible.
  • The fingerprinting tool used was nmap 2.53 and 2.54

What about 2.4 kernels ?

Most of what this patch does can be done with iptables and 2.4 kernels. Consequently Robert Salizar states that he will not port it to 2.4 kernels. See more on his page.

OS fingerprinting protection has been taken further, and you can now make your machine behave in any way you want scanning tools to see. More information at: http://ippersonality.sourceforge.net/

Installation

  1. Decompress linux-2.2.17-net_stealth.patch.gz into /usr/src/linux
  2. patch -p2 -l < linux-2.2.17-net_stealth.patch
  3. Reconfigure your kernel. Under Networking options you have some new options :
    • IP: Stealth Code (not enabled per default)
    • IP: TCP stack options (not enabled per default)
    • Log all dropped packets
  4. Select them as desired. Remember that they are NOT enabled by default. Use the /proc interface to enable them.
  5. Recompile the kernel and install it
  6. Enable Stealth code and use a network scanner (like nmap) on yourself.

Original authors


© Andrei Boros 2000 - 2002
E-mail :  andrix@fx.ro