Security Basics mailing list archives

RE: nmap os detection!

From: "Ethan" <ethan () shame mine nu>
Date: Fri, 7 Feb 2003 11:05:12 -0800

There was just a thread about this on the honeypot mailling list
(honeypots () securityfocus com).  Not only can you make the OS undetectable,
you can also fake other OS's in the nmap scan.  Links from honeypot threads:

http://ippersonality.sourceforge.net/
http://www.raisdorf.net/projects/pfprintd/

you also might be interested in honeynet
http://www.citi.umich.edu/u/provos/honeyd/

There are kernel options (TCP_DROP_SYNFIN) you can set to blackhole OS
guessing.  Check the honeypot archive for specifics.

-Ethan



-----Original Message-----
From: Prathap R [mailto:prathap.r () indiatimes com]
Sent: Friday, February 07, 2003 6:44 AM
To: SECURITY-BASICS () securityfocus com
Subject: nmap os detection!


hello all,
         i just used nmap to detect the os on the network. out of
curiosity,i want to know if there is a way of making the OS undetectable. it
will be of great help if anyone could point out how do it?. i am using both
windows and linux.
thanks in advance.
regards,
       Prathap



Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com

 Buy the best in Movies at http://www.videos.indiatimes.com

Bid for for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to
http://airsahara.indiatimes.com and Bid Now !

Current thread:

nmap os detection! Prathap R (Feb 07)
- Re: nmap os detection! Brad Arlt (Feb 07)
- RE: nmap os detection! Ethan (Feb 07)
  - Re: nmap os detection! Leo Security (Feb 10)
- Re: nmap os detection! flur (Feb 07)
- Re: nmap os detection! Caleb Humberd (Feb 10)
- <Possible follow-ups>
- nmap os detection! tburns (Feb 07)