change ttl value
I am a newbie. I have tried to change the ttl value in OpenBSD by adding a new line, net.inet.ip.ttl=125, to the /etc/sysctl.conf file. It doesn't work. Do I need to change the /etc/pf.conf file as well?
OpenBSD version: 4.3
|
|||
Did you reboot after adding the line into sysctl.conf?
sysctl.conf is for making changes permanent, use sysctl(8) for immediate results. (Some can't be set at higher securelevels though..)
Note: don't randomly toggle sysctl values unless you're absolutely sure it's the right thing to do.
Last edited by BSDfan666; 2nd August 2008 at 03:00 AM.
|
|||
I have rebooted my system already, still not working. I tried to change the ttl value by just using sysctl; however, when I ping my machine, it is still not working. That's why I asked: do I need to change the /etc/pf.conf file as well?
|
|
|||
I just looked up the man pages of sysctl(3), it states "Not to ICMP". Is there a way that I can change ttl value for ICMP as well?
"ip.ttl The maximum time-to-live (hop count) value for an IP packet sourced by the system. This value applies to normal transport protocols, not to ICMP."
|
||||
It is always good, when asking these sorts of questions, to state what it is you actually want to accomplish.
For example, traceroute(8) manipulates TTL values in order to function. If you were to force ICMP packets to have specific TTL values, traceroute will no longer function. Is that your intent?
If you wish to obfuscate information, easier would be to block ICMP packets entirely.
|
|||
I do not want to block ICMP packets entirely. That would be too easy for you to answer my question. lol. I intended to change the ttl value to 125. I am a newbie, correct me if I'm wrong. I want to get 3 answers here,
1. /etc/sysctl.conf file (I tried it by adding a new line: net.inet.ip.ttl=125. If it works on FreeBSD, it should work on OpenBSD as well, right? Did anyone try this on OpenBSD?);
2. /etc/pf.conf file (I tried to add two lines:
scrub in on $ext_if all min-ttl 125
scrub out on $ext_if all min-ttl 125
restarted the computer, still no luck);
3. Kernel (by default, the ttl value is 255; where in the kernel can I jump in and change this value?)
|
|||||
Why? What is the outcome you expect?
Code:
# sysctl net.inet.ip.ttl
net.inet.ip.ttl=64
# sysctl net.inet.ip.ttl=125
net.inet.ip.ttl: 64 -> 125
# sysctl net.inet.ip.ttl
net.inet.ip.ttl=125
#
|
|
|||
I will answer this question later.
I am a newbie, never messed with the kernel before, but I would like to give it a try.
|
||||
As you had discovered, already, ICMP packets set the value to 255. Other protocols use the sysctl value.
As I mentioned above, this is used by traceroute(8), and also by ping(1). There's a nice discussion of TTL in the ping(1) man page.

If you want to muck about in the kernel source.. have fun. The source is packaged with the CD-ROMs, and may also be downloaded from your nearest mirror. You might find src/sys/netinet/ip_icmp.c a good starting point for looking at ICMP logic. FAQ 5 is required reading, if you are interested in modifying the source and rebuilding the kernel.

You have still not articulated a reason why you want 125 in the TTL field for ICMP ECHO packets. I believe it is a complete waste of your time to do this. But you are a newbie, and I am unable to dissuade you from going down this path. Please try to have fun. Don't forget to back up your -release kernel. And good luck to you.
|
||||
My educated guess would be the OP is trying to spoof OpenBSD as a Windows machine by ttl value. IIRC, by default, ttl is set to 128 and 64 for Windows and *nix machines respectively. It's kind of "security through obscurity".
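
Added example, not part of any post in this thread: the posts above say that non-ICMP traffic follows net.inet.ip.ttl while ICMP leaves at 255, and that 128 and 64 are the usual Windows and *nix defaults. The Python code below, with constructed samples and hypothetical function names, shows how an observer infers the initial TTL from a received packet and why changing the sysctl alone leaves a visible mismatch between protocols.

```python
# Added example, not from the thread. The table holds only the initial TTLs
# the posts mention: 64 (*nix default), 128 (Windows), 255 (OpenBSD ICMP).
COMMON_INITIAL_TTLS = (64, 128, 255)


def infer_initial_ttl(observed):
    """Return (assumed initial TTL, implied hop count) for one observed TTL."""
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    # Each router decrements TTL by one, so the sender started at or above
    # the observed value; pick the nearest common default.
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed)
    return initial, initial - observed


def profile_host(samples):
    """samples: iterable of (protocol, observed_ttl) seen from one vantage point.

    Packets from one host cross roughly the same path, so the implied hop
    count should agree across protocols. A mismatch suggests the sender's
    TTL was set by hand for only some protocols.
    """
    per_proto = {}
    for proto, ttl in samples:
        per_proto.setdefault(proto, set()).add(infer_initial_ttl(ttl))
    hop_counts = {hops for results in per_proto.values() for _, hops in results}
    return {
        "per_protocol": {p: sorted(r) for p, r in per_proto.items()},
        "consistent": len(hop_counts) <= 1,
    }


# Constructed samples.
# Host A: OpenBSD with net.inet.ip.ttl=125, seen from the same segment.
# Per the thread, its ICMP replies still leave with TTL 255.
HOST_A = [("tcp", 125), ("icmp", 255)]
# Host B: a Windows machine three hops away; every protocol starts at 128.
HOST_B = [("tcp", 125), ("icmp", 125)]

if __name__ == "__main__":
    for name, samples in (("A", HOST_A), ("B", HOST_B)):
        print(name, profile_host(samples))
```

Host A's TCP packets look like a Windows machine three hops away, but its ICMP replies imply zero hops, so the two protocols disagree and the adjusted TTL stands out.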
|
|||
I have no clue which files I should change. Please help! I want 125 in the TTL field for ICMP ECHO packets. Here is my code:
# pwd
/usr/src/sys/netinet/
# grep "255" *.c
ip_carp.c:
ip_mroute.c:

Should I replace 125 on ip_carp.c and ip_mroute.c? It is not that easy, right?
|
||||
Right. It's not that easy. Note:
Code:
$ man -k mroute
mrouted (8) - IP multicast routing daemon
$ man -k carp
...
carp (4) - Common Address Redundancy Protocol
...

I note you still haven't said why you insist on doing this. 18Googol2 suggested it might be for "security through obscurity." If so, my opinion hasn't changed: you are wasting your time.

The consensus of the OpenBSD Project is that security through obscurity is a fallacy. I agree. It may seem plausible to newcomers, but it provides no advantages and may lull one into false assumptions of security.
|
|||
There is no win-win situation here. I don't care what your religion is, and I don't want to argue about your definition of security. I am a newbie, I tried to mess with the OpenBSD kernel, still no luck. I will keep trying. What a loser I am!