Re: how to change OS idenfication?

• Previous message: Monty Ree: "how to change OS idenfication?"
• In reply to: Monty Ree: "how to change OS idenfication?"
• Next in thread: Truxton Fulton: "Re: how to change OS idenfication?"
• Reply: Truxton Fulton: "Re: how to change OS idenfication?"
• Reply: Dave Ingram: "Re: how to change OS idenfication?"
• Reply: Christophe Sahut: "Re: how to change OS idenfication?"
• Reply: Phil Dyer: "RE: how to change OS idenfication?"
• Reply: Stef: "Re: how to change OS idenfication?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Monty Ree <chulmin2@hotmail.com>
Date: Wed, 18 Feb 2004 02:44:20 -0500

On Tue, 2004-02-17 at 05:20, Monty Ree wrote:
> Hello, all.
>
> I have operated linux sevrer and I would like to change the OS
> identification.
> So using nmap, I would like to be seen Windows instead of linux for
> security reason.
>
> I heard that ippersonality(http://ippersonality.sourceforge.net) enable
> this.
> But the development of the ippersonality seems to be stopped.
>
> Is there any other method to change the OS identification?
>
> Thanks in advance.

Unless memory fails me, nmap detects the remote operating system by
looking for slight variations in the responses that it gets from certain
probes and other information coming back from the host. There is no
string lying about somewhere in the packets that says, "Hi, I'm a Linux
machine" for example. One would have to tweak almost every part of the
networking code in order to make the packets appear that they're coming
from some other particular operating system. If someone actually did
this, the nmap authors could conceivably update their code to correct
for the modifications in a later version, which then defeats the purpose
of the modifications, which then creates a vicious circle that spirals
out of control, causing earthquakes and eradicating whole hemispheres of
the planet, ad ininitum, ad nauseum, etc.

You can see that it would just be a huge mess that, frankly, nobody
wants to deal with. For information on how nmap fingerprinting works,
see:

http://www.insecure.org/nmap/nmap-fingerprinting-article.html

I'd guess that a good firewall and applying proper security procedures
would go a lot further than trying to spoof your OS fingerprint.

Charles Ulrich

P.S. You want your server to appear to be running Windows instead of
Linux for security reasons? You're an interesting character. :)

-- 
http://bityard.net

• Previous message: Monty Ree: "how to change OS idenfication?"
• In reply to: Monty Ree: "how to change OS idenfication?"
• Next in thread: Truxton Fulton: "Re: how to change OS idenfication?"
• Reply: Truxton Fulton: "Re: how to change OS idenfication?"
• Reply: Dave Ingram: "Re: how to change OS idenfication?"
• Reply: Christophe Sahut: "Re: how to change OS idenfication?"
• Reply: Phil Dyer: "RE: how to change OS idenfication?"
• Reply: Stef: "Re: how to change OS idenfication?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]