Bugtraq mailing list archives
Re: Preventing remote OS detection
From: antirez () SECLAB COM (Salvatore Sanfilippo)
Date: Tue, 23 Feb 1999 11:33:24 +0100
On Mon, Feb 22, 1999 at 11:55:43AM -0500, Patrick Gilbert wrote:
How can we mask our operating system from these tcp/ip stack fingerprinting tools while still being functional?
Re, In your article you advice that is possible to filter SAF using ipfilter. IMHO the best solution is to patch the kernel (source and GPL are already implemented for this pourpose.) For exaple in order to filter SAF: *** tcp_output.c Fri Nov 20 10:49:53 1998 --- tcp_output2.c Tue Feb 23 11:15:51 1999 *************** *** 1021,1026 **** --- 1021,1027 ---- t1->urg = 0; t1->rst = 0; t1->psh = 0; + t1->fin = 0; t1->ack_seq = htonl(newsk->acked_seq); t1->doff = sizeof(*t1)/4+1; t1->res1 = 0; Kernel patching can also mask window size and other tcp/ip implementation peculiarity. In spite of this if a lot of people use the same kernel patch nmap and queslo will be able to identify something as follow: Linux 2.0.36 with yayaye patch 1.0 I think that patching your kernel in order to emulate win95 tcp/ip stack is the best solution... :) bye, antirez -- Salvatore Sanfilippo Intesis SECURITY LAB Phone: +39-02-671563.1 Via Settembrini, 35 Fax: +39-02-66981953 I-20124 Milano ITALY Email: antirez () seclab com
Current thread:
- Re: Process table attack (from RISKS Digest), (continued)
- Re: Process table attack (from RISKS Digest) unknown () RIVERSTYX NET (Feb 22)
- Re: Process table attack (from RISKS Digest) Andrew Hobgood (Feb 22)
- Denial of service process table attacks John Conover (Feb 23)
- Group kmem exploitable? Oliver Xymoron (Feb 23)
- Re: Pro/wuFTPD DoS Alex Belits (Feb 21)
- ISS install.iss security hole Fyodor (Feb 20)
- Re: ISS install.iss security hole Joel Eriksson (Feb 22)
- Preventing remote OS detection Patrick Gilbert (Feb 22)
- Re: Preventing remote OS detection James Lockwood (Feb 22)
- Re: Preventing remote OS detection route () RESENTMENT INFONEXUS COM (Feb 22)
- Re: Preventing remote OS detection Salvatore Sanfilippo (Feb 23)
- Re: ISS install.iss security hole Peter Benie (Feb 22)
- Re: ISS install.iss security hole Michael Warfield (Feb 22)
- BlackHats Advisory -- InterScan VirusWall The Unicorn (Feb 22)
- Microsoft Security Bulletin (MS99-007) aleph1 () UNDERGROUND ORG (Feb 22)