[hanswuascht]

Running a quick nmap scan on the router reveals the version strings "dnsmasq 2.45" and "DD-WRT milli_httpd" for the domain and http service.

I'd like to hide them from the world, do I need to recompile the corresponding packages or is there another way to do this?

Also, is it possible to hide OS, uptime (which nmap guesses right), and hostname?

[hanswuascht]

So, I googled a lot and as it turns out:

• It is possible to hide the uptime by turning off TCP timestamps (so nmap cannot extrapolate anything). This can be done by running

  Code:

  echo 0 > /proc/sys/net/ipv4/tcp_timestamps

  
  As a side effect, nmap now reports the OS as "OpenWrt Kamikaze 8.09 (Linux 2.4.35.4)" (the kernel I use is 2.4.37).
  
  
• There is no easy way to hide your OS as nmap checks some network metrics (amongst other things) to figure it out. I'm definitely not going to fiddle around with those settings.
  

I still have no idea how to hide the services' version strings (eg. ssh shows up as "Dropbear sshd 0.52 (protocol 2.0)" and if it's possible to hide the router name/hostname. Any ideas?