
change ttl value


ecnalbya
08-02-2008, 02:33 AM
I am a newbie. I have tried to change ttl value in OpenBSD by adding new line: net.inet.ip.ttl=125 to /etc/sysctl.conf file. It doesn't work. Do I need to change /etc/pf.conf file as well?

OpenBSD version: 4.3

18Googol2
08-02-2008, 03:38 AM
Not sure about OpenBSD, but changing the line in sysctl.conf works for me, in my machines running FreeBSD 6.3 and 7.0.

Out of curiosity, are you trying to mask OpenBSD as Windows by changing the ttl?

BSDfan666
08-02-2008, 03:58 AM
Did you reboot after adding the line into sysctl.conf?

sysctl.conf is for making changes permanent, use sysctl for immediate results. (Some can't be set at higher securelevels though..)

Note: don't randomly toggle sysctl values unless you're absolutely sure it's the right thing to do.

ecnalbya
08-02-2008, 12:38 PM
I have rebooted my system already, still not working. I tried to change the ttl value by just using sysctl; however, when I ping my machine, it is still not working. That's why I asked: do I need to change /etc/pf.conf file as well?

ecnalbya
08-02-2008, 09:14 PM
I just looked up the man pages of sysctl(3), it states "Not to ICMP". Is there a way that I can change ttl value for ICMP as well?

"ip.ttl  The maximum time-to-live (hop count) value for an IP packet sourced by the system. This value applies to normal transport protocols, not to ICMP."

jggimi
08-02-2008, 10:12 PM
It is always good, when asking these sorts of questions, to state what it is you actually want to accomplish.

For example, traceroute(8) manipulates TTL values in order to function. If you were to force ICMP packets to have specific TTL values, traceroute will no longer function. Is that your intent? If you wish to obfuscate information, easier would be to block ICMP packets entirely.

ecnalbya
08-03-2008, 12:44 AM
I do not want to block ICMP packets entirely. That would be too easy for you to answer my question. lol. I intended to change the ttl value to 125. I am a newbie, correct me if I'm wrong. I want to get 3 answers here,

1. /etc/sysctl.conf file (I tried it by adding the new line: net.inet.ip.ttl=125. If it works on FreeBSD, it should work on OpenBSD as well, right? Did anyone try this on OpenBSD?);
2. /etc/pf.conf file (I tried to add two lines:
scrub in on $ext_if all min-ttl 125
scrub out on $ext_if all min-ttl 125
and restarted the computer, still no luck);
3. Kernel (by default, the ttl value is 255; where in the kernel can I jump in and change this value?)

jggimi
08-03-2008, 01:16 AM
...I intended to change the ttl value to 125.
Why? What is the outcome you expect?

I am a newbie, correct me if I'm wrong.
Welcome. I only found one obvious thing wrong (other than your desire to muck about with TTL values), and that is your assumption that...

If it works on FreeBSD, it should work on OpenBSD as well, right?
This would be a poor assumption. Sometimes, yes. But mostly, no. They are both BSDs but they have been on separate paths for 14 years. Hundreds of thousands of changes have been made to both operating systems.

Did anyone try this on OpenBSD?);
Just now:

# sysctl net.inet.ip.ttl
net.inet.ip.ttl=64
# sysctl net.inet.ip.ttl=125
net.inet.ip.ttl: 64 -> 125
# sysctl net.inet.ip.ttl
net.inet.ip.ttl=125
#

2. /etc/pf.conf
I have not mucked about with stack settings in pf; my understanding is murky of which would override the other .... primarily because I don't muck about with TCP/IP stack configuration.

3. Kernel (by default, the ttl value is 255, where in the kernel that I can jump in and change this value?)
As you saw above, my sysctl reports the kernel value used by the stack (unless PF gets involved, perhaps) is 64. I am running 4.4-beta (-current), on i386.

ecnalbya
08-03-2008, 02:09 AM
Why? What is the outcome you expect?
I will answer this question later.


# sysctl net.inet.ip.ttl
net.inet.ip.ttl=64
# sysctl net.inet.ip.ttl=125
net.inet.ip.ttl: 64 -> 125
# sysctl net.inet.ip.ttl
net.inet.ip.ttl=125
#

I tried the above as well. However, when I pinged my box, it returned 255 as the ttl value. Is it because of ICMP? I want it to return 125 when other people ping my box.

As you saw above, my sysctl reports the kernel value used by the stack (unless PF gets involved, perhaps) is 64.
Why is it 64 and not 255? Is there somewhere in the kernel that I can change both 64 and 255 to 125?
I am a newbie, never messed with the kernel before, but I would like to give it a try.

jggimi
08-03-2008, 02:32 AM
As you had discovered, already, ICMP packets set the value to 255. Other protocols use the sysctl value.

As I mentioned above, this is used by traceroute(8), and also by ping(1). There's a nice discussion of TTL in the ping(1) man page.

If you want to muck about in the kernel source.. have fun. The source is packaged with the CD-ROMs, and may also be downloaded from your nearest mirror. You might find src/sys/netinet/ip_icmp.c a good starting point for looking at ICMP logic.

FAQ 5 is required reading, if you are interested in modifying the source and rebuilding the kernel.

You have still not articulated a reason why you want 125 in the TTL field for ICMP ECHO packets.

I believe it is a complete waste of your time to do this. But you are a newbie, and I am unable to dissuade you from going down this path.

Please try to have fun. Don't forget to back up your -release kernel. And good luck to you.

18Googol2
08-03-2008, 05:05 AM
I tried the above as well. However, when I pinged my box, it returns 255 as ttl value. Is it because of ICMP? I want other people to ping my box, it returns 125.

Sounds like your "other people" are outside your subnet, so it can't return 125 to them. This is a networking fundamental.

You have still not articulated a reason why you want 125 in the TTL field for ICMP ECHO packets.


My educated guess would be the OP is trying to spoof OpenBSD as a Windows machine by ttl value. IIRC, by default, ttl is set to 128 and 64 for Windows and *nix machines respectively. It's kind of "security through obscurity".

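The two points made in this thread, that every router on the path decrements the TTL so a host outside the subnet never sees the value the sender started with, and that on the OP's box ICMP leaves with 255 while other protocols use the sysctl value, can be checked with a small script. This is an added example, not code from the thread or from OpenBSD; the log format and the 192.0.2.x addresses are constructed, and the set of "conventional" initial TTLs (32, 64, 128, 255) is an assumption about common stack defaults, not a standard. It is written from the point of view of someone reviewing a capture: it rounds an observed TTL up to the nearest conventional starting value to guess the sender's initial TTL and hop distance, which is exactly why a non-standard value such as 125 gets misread as 128 by an observer a few hops away.

```python
"""Estimate a sender's initial TTL and hop distance from TTLs seen in a capture.

Added example for this thread, not code from the original posts. The
conventional initial TTL values below are an assumption about common
defaults; real stacks and middleboxes can deviate, so treat the result
as a hint when reviewing traffic, not as an identification.
"""
import re

# Common initial TTL values (assumption: widely used defaults, no standard
# forces them). Sorted ascending so the first value >= observed is chosen.
CONVENTIONAL_INITIAL_TTLS = (32, 64, 128, 255)


def infer_initial_ttl(observed_ttl):
    """Guess (initial_ttl, estimated_hops) from a TTL seen on the wire.

    Each router decrements TTL by one, so a receiver sees initial - hops.
    The smallest conventional value >= observed is the usual guess.
    """
    if not 0 < observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    for initial in CONVENTIONAL_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


def simulate_path(initial_ttl, hops):
    """TTL a host `hops` routers away observes for a packet sent with initial_ttl.

    Returns None when the packet would expire in transit (TTL reaching 0).
    """
    remaining = initial_ttl - hops
    return remaining if remaining > 0 else None


# Constructed sample log lines (not from the thread): host .10 answers ICMP
# with the kernel's fixed 255 and TCP with the sysctl value 64, seen three
# hops away; host .20 set net.inet.ip.ttl=125 as the OP wanted, also three
# hops away, so its TCP packets arrive with 122 while ICMP still shows 252.
SAMPLE_LOG = """\
src=192.0.2.10 proto=icmp ttl=252
src=192.0.2.10 proto=tcp ttl=61
src=192.0.2.20 proto=tcp ttl=122
src=192.0.2.20 proto=icmp ttl=252
"""

LINE_RE = re.compile(r"src=(\S+) proto=(\S+) ttl=(\d+)$")


def fingerprint_log(text):
    """Map (src, proto) -> (guessed_initial_ttl, estimated_hops) for each line."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the constructed format
        src, proto, ttl = m.group(1), m.group(2), int(m.group(3))
        result[(src, proto)] = infer_initial_ttl(ttl)
    return result


if __name__ == "__main__":
    for (src, proto), (initial, hops) in sorted(fingerprint_log(SAMPLE_LOG).items()):
        print(f"{src:12} {proto:5} guessed initial TTL {initial:3}, ~{hops} hops away")
    # Same subnet (0 hops) is the only place the raw 125 is ever visible.
    print("125 seen on the same subnet:", simulate_path(125, 0))
    print("125 seen three hops away:", simulate_path(125, 3))
```

Running it shows host .10 classified as 64/255 with three hops for both protocols, while host .20's TCP traffic is read as initial 128 and six hops, and its ICMP as 255 and three hops: the rewritten TTL neither survives the path intact nor changes what ICMP echo replies carry, which is the behaviour the thread describes.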
ecnalbya
08-10-2008, 01:27 AM
I have no clue which files I should change. Please help! I want 125 in the TTL field for ICMP ECHO packets. Here is my code:

# pwd
/usr/src/sys/netinet/
# grep "255" *.c
ip_carp.c:
ip_mroute.c:

Should I replace 125 in ip_carp.c and ip_mroute.c? It is not that easy, right?

jggimi
08-10-2008, 03:44 AM
...It is not that easy, right?
Right. It's not that easy. Note:

$ man -k mroute
mrouted (8) - IP multicast routing daemon
$ man -k carp
...
carp (4) - Common Address Redundancy Protocol
...

Neither of these modules is related to ICMP. You apparently will need to have more technical knowledge than you currently possess.

I note you still haven't said why you insist on doing this. 18Googol2 suggested it might be for "security through obscurity." If so, my opinion hasn't changed: you are wasting your time. The consensus of the OpenBSD Project is that security through obscurity is a fallacy. I agree. It may seem plausible to newcomers, but it provides no advantages and may lull one into false assumptions of security.

ai-danno
08-12-2008, 06:32 AM
It's surprising the discussion went this far without the OP stating the "why" for his wishes... and as Jggimi stated, if it's security via obscurity you are looking for, look elsewhere.

phoenix
08-13-2008, 08:33 AM
Until you explain why you "need" this, no one can really help.

jggimi
08-13-2008, 12:54 PM
Well, we could help without that information, but ... no one, I think, is terribly interested in helping. :)

ecnalbya
08-16-2008, 09:19 AM
There is no win-win situation here. I don't care what your religion is, and I don't want to argue about your definition of security. I am a newbie, I tried to mess with the OpenBSD kernel, still no luck. I will keep trying, what a loser I am!

ai-danno
08-17-2008, 02:40 AM
Good Luck to you.

ecnalbya
08-23-2008, 01:46 PM
Good Luck to you.

good luck to you too.