Re: nmap os detection!

[Leo Security <security () fastmail fm>]

It is generally not good to change the OS parameters. If its detectable, 
let it be. Best thing to do is to unplug all the holes on regular basis 
and configure your firewall to work at its optimum.

Leo

Ethan wrote:

> There was just a thread about this on the honeypot mailling list
> (honeypots () securityfocus com).  Not only can you make the OS undetectable,
> you can also fake other OS's in the nmap scan.  Links from honeypot threads:
>
> http://ippersonality.sourceforge.net/
> http://www.raisdorf.net/projects/pfprintd/
>
> you also might be interested in honeynet
> http://www.citi.umich.edu/u/provos/honeyd/
>
> There are kernel options (TCP_DROP_SYNFIN) you can set to blackhole OS
> guessing.  Check the honeypot archive for specifics.
>
> -Ethan
>
>
>
> -----Original Message-----
> From: Prathap R [mailto:prathap.r () indiatimes com]
> Sent: Friday, February 07, 2003 6:44 AM
> To: SECURITY-BASICS () securityfocus com
> Subject: nmap os detection!
>
>
> hello all,
>         i just used nmap to detect the os on the network. out of
> curiosity,i want to know if there is a way of making the OS undetectable. it
> will be of great help if anyone could point out how do it?. i am using both
> windows and linux.
> thanks in advance.
> regards,
>       Prathap
>
>
>
> Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com
>
> Buy the best in Movies at http://www.videos.indiatimes.com
>
> Bid for for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to
> http://airsahara.indiatimes.com and Bid Now !
>
>
>