Hide TTL configuration

jonathanvlan · December 18, 2023, 7:09pm

hi guys

Time To Live allows the identification of the operating system, most Linux defaults to 64
this allows an attacker to identify the Linux version . when using analysis tools you can
send non-existent TTL requests .

Modification kernel/incluide/uapi/linux/ip.h

#define IPVERSION  4
#define MAXTTL	  255
#define IPDEFTTL  64

The value can be modified to different operating systems

64  – Linux/MAC OSX systems
128 – Windows systems
255 – Network devices

Modify this line to prevent Linux from being detected by TTL.
#define IPDEFTTL  222

you can do a script every 3 minutes change the TTL

echo 111 > /proc/sys/net/ipv4/ip_default_ttl
echo 58 > /proc/sys/net/ipv4/ip_default_ttl
echo 71 > /proc/sys/net/ipv4/ip_default_ttl
etc ..

This script will continuously protect TTL responses

Patrick · December 19, 2023, 12:58pm

Where are you getting this from? There are many ways to passively fingerprint networking or actively probe it.

Chapter ISP or Local Network Administrators.

This would require research to show that this is actually useful and not harmful. For example, see: