Security Incidents mailing list archives
Re: An Embryonic Counterintelligence Tool
From: vanja () RELAYGROUP COM (Vanja Hrustic)
Date: Wed, 19 Jan 2000 02:15:31 +0700
"Stephen P. Berry" wrote:
Several months ago, I asked if anyone knew of any tools (or projects to produce tools) that present an arbitrarily-chosen TCP fingerprint to a scanner. I had been fiddling around with such a thing, and was curious if there were any similar widgets already in a `finished product' state.
I know that IPLog can fool nMap OS fingerprinting. I've just tested it for 10 minutes (V2.0), and I can confirm that it indeed managed to fool nMap. I don't use that tool, so I can't provide more information. You can get it at:

http://ojnk.sourceforge.net/

Another thing that you might want to take a look at is - Snort. But take a look at the beta (development) version. By creating a proper rule (or/and using spp_portscanner preprocessor), you might 'catch' an OS fingerprinting attempt, and send the RST (or you can decide what you want to do with the connection by yourself). I did not try this, but I presume that it will at least 'confuse' the fingerprinting process. Might be worth trying :)

Snort is available at:

http://www.clark.net/~roesch/security.html

There, you will find more information about getting the latest version from the CVS.

Hope this helps.

--
Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time
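An added example, not part of the original post and not IPLog or Snort code: a sketch of the kind of check a rule for 'catching' a fingerprinting attempt relies on, flagging sources that send several different TCP flag combinations no ordinary client produces. The flag combinations listed are an assumption based on the probes nmap's TCP fingerprinting tests are known to send; the packet records and function names are constructed for illustration.

```python
# Added example: flag-anomaly check over (src_ip, dst_port, tcp_flags) records.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag bytes that normal TCP stacks do not emit (assumed probe set, see lead-in).
ODD_FLAGS = {
    0: "NULL (no flags)",
    SYN | FIN | PSH | URG: "SYN+FIN+PSH+URG",
    FIN | PSH | URG: "FIN+PSH+URG",
}


def classify(flags):
    """Return a label for an anomalous flag byte, or None if it looks normal."""
    flags &= 0x3F  # ignore the two high (reserved) bits of the flags byte
    if flags in ODD_FLAGS:
        return ODD_FLAGS[flags]
    if flags & SYN and flags & FIN:
        return "SYN+FIN set together"
    return None


def fingerprint_suspects(packets, min_kinds=2):
    """Map each source to its sorted anomaly labels, keeping only sources that
    sent at least min_kinds distinct anomalous flag combinations. One odd
    packet alone may be noise; several different ones suggest a probe set."""
    seen = {}
    for src, _dst_port, flags in packets:
        label = classify(flags)
        if label is not None:
            seen.setdefault(src, set()).add(label)
    return {src: sorted(kinds) for src, kinds in seen.items()
            if len(kinds) >= min_kinds}


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    ("192.0.2.10", 80, SYN),                        # ordinary connection
    ("192.0.2.10", 80, ACK),
    ("198.51.100.7", 22, SYN),
    ("198.51.100.7", 22, 0),                        # NULL packet
    ("198.51.100.7", 22, SYN | FIN | PSH | URG),
    ("198.51.100.7", 1, FIN | PSH | URG),
    ("203.0.113.5", 25, 0),                         # single oddity, below threshold
]

if __name__ == "__main__":
    for src, kinds in fingerprint_suspects(SAMPLE).items():
        print(src, "->", ", ".join(kinds))
```
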