Re: How can I erase my fingertips .

From: batz (batsy@vapour.net)
Date: 03/29/02


Date: Fri, 29 Mar 2002 16:14:04 -0500 (EST)
From: batz <batsy@vapour.net>
To: Kris Kennaway <kris@obsecurity.org>

On Thu, 28 Mar 2002, Kris Kennaway wrote:

:You might be able to fool (the current version of) nmap, but it's
:impossible to remove the characteristic features which allow one to
:distinguish between one IP stack and another.

Actually, I remember when I was doing intrusion tests against sites
with sidewinder, it seemed to shuffle its responses so that we would
get different fingerprints. I never verified whether this was a sidewinder
feature, or because there was a traffic director in front of it, but
it is a part of intrusion testing lore anyway.

Also, because these fingerprints are specific signatures, and because
nmap can also be fingerprinted, one could simply write an equivalent
to fakeroute, which would listen for nmap OS scans, and jumble the
responses. I realize this doesn't mean altering the stack tho.

Funny, the security through obscurity (there needs to be a short form for
that) strategy never works, but improved security through adequate obfuscation
is often reasonable, while only just a few notches down the continuum. :)

--
batz
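
The "listen for nmap OS scans" step from the message above, as an added example (not part of the original post or of any tool it names): it flags a source that sends several of the unusual TCP flag combinations that nmap's documentation lists for its OS-detection tests T2, T3 and T7. The packet tuples, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict

# TCP flag bits as they appear in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations ordinary stacks do not emit; assumed here to match the
# probes nmap documents for its OS-detection TCP tests.
ODD_PROBES = {
    0: "null (T2)",
    SYN | FIN | PSH | URG: "SYN+FIN+PSH+URG (T3)",
    FIN | PSH | URG: "FIN+PSH+URG (T7)",
}

def detect_os_scans(packets, window=5.0, min_kinds=2):
    """packets: iterable of (ts, src, dst, dport, flags).
    Returns {(src, dst): sorted probe labels} for every pair where src sent
    at least min_kinds distinct odd probes within `window` seconds."""
    seen = defaultdict(list)
    for ts, src, dst, dport, flags in sorted(packets):
        label = ODD_PROBES.get(flags & 0x3F)  # ignore ECN bits
        if label:
            seen[(src, dst)].append((ts, label))
    alerts = {}
    for key, hits in seen.items():
        for i, (t0, _) in enumerate(hits):
            kinds = {lbl for t, lbl in hits[i:] if t - t0 <= window}
            if len(kinds) >= min_kinds:
                alerts[key] = sorted(kinds)
                break
    return alerts

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    (1.0, "203.0.113.5", "192.0.2.10", 80, SYN),            # normal connect
    (1.1, "203.0.113.5", "192.0.2.10", 80, ACK),
    (4.0, "203.0.113.9", "192.0.2.10", 22, 0),              # lone stray null
    (9.0, "203.0.113.5", "192.0.2.10", 80, FIN | ACK),      # normal close
    (10.0, "198.51.100.7", "192.0.2.10", 80, 0),            # T2-like
    (10.1, "198.51.100.7", "192.0.2.10", 80, SYN | FIN | PSH | URG),  # T3-like
    (10.2, "198.51.100.7", "192.0.2.10", 81, FIN | PSH | URG),        # T7-like
]

if __name__ == "__main__":
    for (src, dst), kinds in detect_os_scans(SAMPLE).items():
        print(f"possible OS fingerprint scan {src} -> {dst}: {kinds}")
```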