For Linux systems with Windows veil

4. for 3389 port and 22 port 3389 port sometimes through scanning and 22 of the port, or you can infer the type of operating system.

Windows general use TCP port 3389 for remote control, Linux may use TCP port 22, provide SSH with encrypted transmission. For the sake of security, you can use iptables to restrict SSH login 22 port, so that non-authorized IP scan not TCP22 ports exist: # iptables-IINPUT-s! xx.xx.xx.xx-ptcp--dport22-jDROP use iptables, a native of TCP3389 port over to other open 3389 port on your computer, to camouflage a Linux system to provide services of TCP3389 port. Command: # echo1 >/proc/sys/net/ipv4/ip_forward # iptables-tnat-IPREROUTING-ptcp--dport3389-jDNAT--toxx.xx.xx.xx # iptables-tnat-IPOSTROUTING-ptcp--dport3389-jMASQUERADE first command allows packets forwarded; the second command that forwarding TCP3389 to xx.xx.xx.xx; the third command indicates that the forward packets "bi-directional pathway", to set a correct packets back to the channel. If you want to bring forward a permanent, you can put the above command is added to the/etc/rc.local file. That way, when hackers scan server by opening a port, they cannot find port 22, but saw a disguise of 3389 port, thus does not correctly determine the type of operating system. 5. for netcratnetcraft is a very powerful scan engine, it simply TCP80, can know the logging server operating system, Web server and server startup time (Uptime), and other information. The above describes several methods on netcraft, are not effective. For netcraft can use iptables to camouflage the netcraft system errors to determine the operating system: # iptables-tnat-IPREROUTING-s195.92.95.0/24-ptcp--dport80-jDNAT--toxx.xx.xx.xx # iptables-tnat-IPOSTROUTING-s195.92.95.0/24-ptcp--dport80-jMASQUERADE due by grab bag, netcraft discovered more than one server, so the need for its network segment being forwarded to deceive. VI. Summary of the above method can only be from a certain point on the prevention and thwart hackers on system vulnerability analysis, to some extent reduces the possibility of a computer attack, but remains "the gentleman, not proof against the villain", just to provide an opportunity to use the new thinking.