Nmap Announce mailing list archives
Re: OS Detection Question
From: "Mr. Man" <mrman () darkside org>
Date: Wed, 3 May 2000 21:49:25 -0500 (CDT)
On Wed, 3 May 2000, John Turner wrote:
> I have searched the net looking for a definitive answer to this question but have come up dry. QUESTION: Is there a way to completely fool (or block) OS detection from scanners (like nmap, queso, etc.) using the Linux OS? What about Windoze?

I believe there are patches available for certain versions of the Linux Kernel that allow you to fool OS detection tools. It's mostly a matter of re-writing the way the IP stack in Linux handles 'odd,' 'irregular,' or 'inappropriate' TCP packets or the default values on connection negotiations; i.e. certain combinations of TCP header flags, the default TCP Maximum Segment Size, etc. Ipfilter can be used to block some of the generic forms of OS detection, but I've never used it with Linux.

> Any insight would be greatly appreciated.

Check the following:
http://lists.bastille-linux.org/pipermail/bastille-linux-discuss/2000-February/001020.html
http://www.pgci.ca/p_fingerprint.html
There was also a decent thread on Bugtraq on the subject back in Feb. of 1999. I'm sure you should also look at Fyodor's excellent article in Phrack54 (http://phrack.infonexus.com/search.phtml?view&article=p54-9) where he discusses methods of OS fingerprint detection.

> John
__ joseph
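
An added example, not part of the original post: a Python sketch of the check a packet filter could apply to the TCP header fields the reply mentions (flag combinations, window, MSS). The function names, the rule set and the sample headers are constructed for illustration and are not Ipfilter's or any kernel patch's own logic.

```python
import struct
from typing import Optional

# TCP flag bits (byte 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_tcp(header: bytes) -> dict:
    """Extract flags, window and the MSS option from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    sport, dport, _seq, _ack, off, flags, window = struct.unpack("!HHIIBBH", header[:16])
    hdr_len = (off >> 4) * 4
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    mss, opts, i = None, header[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:  # Maximum Segment Size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"sport": sport, "dport": dport, "flags": flags & 0x3F, "window": window, "mss": mss}

def irregular_flags(flags: int) -> Optional[str]:
    """Name a flag combination that no normal TCP exchange produces, else None."""
    if flags == 0:
        return "null (no flags set)"
    if flags & SYN and flags & FIN:
        return "SYN+FIN"
    if flags & SYN and flags & RST:
        return "SYN+RST"
    if not flags & ACK and flags & (FIN | PSH | URG) and not flags & (SYN | RST):
        return "FIN/PSH/URG without ACK"
    return None

def build(flags: int, window: int, options: bytes = b"") -> bytes:
    """Build a sample header (constructed test data; options must be 4-byte aligned)."""
    off = ((20 + len(options)) // 4) << 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, off, flags, window, 0, 0) + options
```

A filter that drops every segment for which `irregular_flags` returns a name removes the responses those segments would otherwise elicit, while the window and MSS values in ordinary SYN and SYN-ACK segments stay visible unless the stack's defaults are changed.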