www.LinuxHowtos.org

Disable uptime detection from external machines

With the right tools you can "sniff" the uptime of a Linux machine just by sending and analysing TCP packets. The tool nmap performs such a test.

Example output from nmap:

Interesting ports on 192.168.70.121:  
PORT STATE SERVICE
80/tcp open http
81/tcp closed hosts2-ns
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.18 - 2.5.70 (X86)
Uptime 0.667 days (since Thu Oct 21 03:21:03 2004)

This uptime statistic can be disabled by running the following command:
echo 0 > /proc/sys/net/ipv4/tcp_timestamps

Running nmap after that:
...  
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps
...

You can add the echo command above to your init script, or modify /etc/sysctl.conf and add this line:
net.ipv4.tcp_timestamps=0
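
Why the setting removes the uptime line, as an added example that is not part of the original article: the figure is derived from the TSval field of the TCP timestamp option, and a host with timestamps disabled no longer sends that option. The Python below parses the option from a TCP header and derives uptime from two samples. The sample headers, the 100 ticks/s rate, the function names and the assumption that the counter started at zero at boot are all constructed for illustration.

```python
import struct

def tcp_tsval(tcp_header: bytes):
    """Return TSval from the TCP timestamp option (kind 8), or None if absent."""
    hdr_len = (tcp_header[12] >> 4) * 4          # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(tcp_header):
        raise ValueError("bad TCP data offset")
    opts, i = tcp_header[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # end of option list
            break
        if kind == 1:                            # NOP padding, one byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                                # truncated option
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                                # malformed length
        if kind == 8 and length == 10:
            tsval, _tsecr = struct.unpack("!II", opts[i + 2:i + 10])
            return tsval
        i += length
    return None

def estimate_uptime(t1, ts1, t2, ts2):
    """Seconds of uptime at t2, from two (capture time, TSval) samples.

    Assumption: TSval started at zero at boot and has not wrapped.
    """
    hz = round(((ts2 - ts1) & 0xFFFFFFFF) / (t2 - t1))   # ticks per second
    return ts2 / hz

def make_synack(tsval=None):
    """Constructed sample: SYN/ACK TCP header from port 80, MSS option only,
    plus NOP, NOP, timestamp option when tsval is given."""
    opts = b"\x02\x04\x05\xb4"
    if tsval is not None:
        opts += b"\x01\x01\x08\x0a" + struct.pack("!II", tsval, 0)
    fixed = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1,
                        ((20 + len(opts)) // 4) << 4, 0x12, 5840, 0, 0)
    return fixed + opts

if __name__ == "__main__":
    # Constructed values: 100 ticks/s, two probes taken 2 seconds apart.
    a, b = tcp_tsval(make_synack(5762880)), tcp_tsval(make_synack(5763080))
    print("uptime: %.3f days" % (estimate_uptime(0.0, a, 2.0, b) / 86400))
    print("timestamps disabled:", tcp_tsval(make_synack()))
```

To confirm the setting took effect on a real host, check that captured SYN/ACK headers from it carry no kind 8 option.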

