On 2015-09-18 Fri 09:09:05 +0000 William A. Mahaffey III <w...@hiwaay.net>,
wrote:
> On 09/18/15 08:47, Daniel DP. Plominski wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > well, encryption does not cost much, most mobile devices are now fast enough
> > for IP obfuscation there vpn providers or anonymity networks like Tor
> >
> > you should look for "when leaken metadata", customized Firefox
> > versionslike the "torbundle" package or FreeBSD features such as:
> > disabled tcp timpstamp, activated net.inet.ip.stealth etc.
> >
> > may be that the most information are not critical of freebsd.org
> > on a page about political commitment, however, twice what you click on
> >
> > in the post snowden/nsa area, i think it is not heard now de rigueur,
> > but should be compulsory
>
> Where is that 'net.inet.ip.stealth' setting ? I didn't find it in my
> /etc/defaults/rc.conf file ....
What about:
$ sysctl -d net.inet.ip.stealth
net.inet.ip.stealth: IP stealth mode, no TTL decrementation on forwarding
$ sysctl -d net.inet.ip.random_id
net.inet.ip.random_id: Assign random ip_id values
Add them to /etc/sysctl.conf
To good health
--
The liberals can understand everything but people who don't understand them.
-- Lenny Bruce
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
