#!/bin/sh
#######
###
#
# Tweak various sysctl values in a 2.4 linux kernel to
# thwart OS detection, make other peoples live's difficult, etc. 
#
# jhart (warchild@spoofed.org)
#
#
#warchild@cuba
#[/usr/src/linux]$ sudo nmap -O localhost
#
#Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
#Interesting ports on localhost (127.0.0.1):
#(The 1548 ports scanned but not shown below are in state: closed)
#Port       State       Service
#22/tcp     open        ssh                     
#
#No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
#TCP/IP fingerprint:
#SInfo(V=2.54BETA30%P=i686-pc-linux-gnu%D=11/26%Time=3C022877%O=22%C=1)
#TSeq(Class=RI%gcd=1%SI=362E8D%IPID=Z%TS=U)
#TSeq(Class=RI%gcd=1%SI=362B90%IPID=Z%TS=U)
#TSeq(Class=RI%gcd=1%SI=362A8F%IPID=Z%TS=U)
#T1(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNW)
#T2(Resp=N)
#T3(Resp=Y%DF=Y%W=7FFF%ACK=S++%Flags=AS%Ops=MNW)
#T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
#T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
#T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
#T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
#PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
#
#
#
#
#Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
#
# ..... w/o nethacks
# Remote operating system guess: Linux 2.4.7 (X86) 
#
###
#######
IP_FORWARD=/proc/sys/net/ipv4/ip_forward
IP_DEFAULT_TTL=/proc/sys/net/ipv4/ip_default_ttl
IP_LOCAL_PORT_RANGE=/proc/sys/net/ipv4/ip_local_port_range
ICMP_ECHO_IGNORE_ALL=/proc/sys/net/ipv4/icmp_echo_ignore_all
ICMP_ECHO_IGNORE_BROADCASTS=/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
TCP_TIMESTAMPS=/proc/sys/net/ipv4/tcp_timestamps
####
# Turn on ip forwarding (for things like dnsspoof, etc
# must set this first (it sets all others to their default)
####
if [ -f $IP_FORWARD ]; then
	echo "Turning on packet forwarding"
	echo 1 > $IP_FORWARD 
else
	echo "Couldn't find $IP_FORWARD"
	echo "...packet forwarding is OFF"
fi
####
# change default ttl.
# The default ttl for the 2.4 kernel is 64.  Make this different.  Lower is bad
# because it could potentially hinder system performance -- set it to < 2
# and try to use the 'net (hint: it won't happen).  255 is a happy medium.
####
if [ -f $IP_DEFAULT_TTL ]; then
	echo "Changing default TTL (fsck nmap)"
	echo 255 > $IP_DEFAULT_TTL 
else
	echo "Couldn't find $IP_DEFAULT_TTL"
	echo "...using default TTL"
fi
####
# ignore icmp echos
# The poor-mans firewall.  Ignore _all_ incoming echo requests on all
# interfaces.
####
if [ -f $ICMP_ECHO_IGNORE_ALL ]; then
	echo "Ignoring icmp echos"
	echo 1 > $ICMP_ECHO_IGNORE_ALL 
else
	echo "Couldn't find $ICMP_ECHO_IGNORE_ALL"
	echo "...Can't ignore icmp echos"
fi
####
# ignore icmp echo broadcasts
####
if [ -f $ICMP_ECHO_IGNORE_BROADCASTS ]; then
	echo "Ignoring icmp echo broadcasts"
	echo 1 > $ICMP_ECHO_IGNORE_BROADCASTS 
else
	echo "Couldn't find $ICMP_ECHO_IGNORE_BROADCASTS"
	echo "...Can't ignore icmp echo broadcasts"
fi
####
# ignore timestamp requests.
# These can be used to determine system time, and, 
# as a result, system uptime.
####
if [ -f $TCP_TIMESTAMPS ]; then
	echo "Ignoring timestamp requests (fsck nmap -O)"
	echo 0 > $TCP_TIMESTAMPS 
else
	echo "Couldn't find $TCP_TIMESTAMPS"
	echo "...timestamps allowed"
fi
####
# change local port range.
# different OSs use different ranges of ports for locally initiated
# connections.  This trait can be used to narrow down selections
# in OS detection.  Pick something that is not specific to the 2.4 kernel.
####
if [ -f $IP_LOCAL_PORT_RANGE ]; then
	echo "Changing local port range"
	echo 50000 65000 > $IP_LOCAL_PORT_RANGE 
else
	echo "Couldn't find $IP_LOCAL_PORT_RANGE"
fi