Re: how to change OS identification?
From: Truxton Fulton (trux_at_truxton.com)
Date: 02/18/04
To: "C. Ulrich" <dincht@securenym.net>
Date: Wed, 18 Feb 2004 10:13:40 -0800
It might be a simple matter to have some /dev/null
listeners on ports 135, 137, 139. OS fingerprinting
probably looks at open ports as much as it looks at
variations in tcp sequences, etc. But, yes, it's not
worth the bother to attempt a more perfect impersonation.
-Truxton
C. Ulrich wrote (at Wed, 18 Feb 2004 02:44:20 -0500) :
>
>
> On Tue, 2004-02-17 at 05:20, Monty Ree wrote:
>> Hello, all.
>>
>> I have operated a Linux server and I would like to change the OS
>> identification.
>> So using nmap, I would like to be seen as Windows instead of Linux for
>> security reasons.
>>
>> I heard that ippersonality (http://ippersonality.sourceforge.net) enables
>> this.
>> But the development of the ippersonality seems to be stopped.
>>
>> Is there any other method to change the OS identification?
>>
>> Thanks in advance.
>
> Unless memory fails me, nmap detects the remote operating system by
> looking for slight variations in the responses that it gets from certain
> probes and other information coming back from the host. There is no
> string lying about somewhere in the packets that says, "Hi, I'm a Linux
> machine" for example. One would have to tweak almost every part of the
> networking code in order to make the packets appear that they're coming
> from some other particular operating system. If someone actually did
> this, the nmap authors could conceivably update their code to correct
> for the modifications in a later version, which then defeats the purpose
> of the modifications, which then creates a vicious circle that spirals
> out of control, causing earthquakes and eradicating whole hemispheres of
> the planet, ad infinitum, ad nauseam, etc.
>
> You can see that it would just be a huge mess that, frankly, nobody
> wants to deal with. For information on how nmap fingerprinting works,
> see:
>
> http://www.insecure.org/nmap/nmap-fingerprinting-article.html
>
> I'd guess that a good firewall and applying proper security procedures
> would go a lot further than trying to spoof your OS fingerprint.
>
> Charles Ulrich
>
> P.S. You want your server to appear to be running Windows instead of
> Linux for security reasons? You're an interesting character. :)
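
The "/dev/null listener" idea from the reply above, as an added example that is not part of the original messages: a TCP sink that accepts connections on the named ports, discards whatever is sent, never replies, and records the peer address. It only changes which ports look open; the TCP/IP stack behaviour that nmap's probes measure stays that of the host. The name `start_sink`, the 10-second idle timeout, and covering only 135 and 139 over TCP (137 is normally a UDP service) are assumptions.

```python
import socket
import threading

# TCP ports named in the message; 137 (NetBIOS name service) is normally UDP.
DECOY_PORTS = (135, 139)


def start_sink(port, host="0.0.0.0", log=None):
    """Listen on host:port, drop all received data, record each peer in `log`."""
    log = [] if log is None else log
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(16)

    def drain(conn):
        with conn:
            conn.settimeout(10)  # assumed idle limit so stalled peers are dropped
            try:
                while conn.recv(4096):
                    pass  # read and discard, never send anything back
            except OSError:
                pass  # timeout or reset: just close

    def accept_loop():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return  # listening socket was closed
            # (local port, source address): useful as a scan indicator
            log.append((srv.getsockname()[1], peer[0]))
            threading.Thread(target=drain, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, log


if __name__ == "__main__":
    seen = []
    # Binding ports below 1024 needs root or CAP_NET_BIND_SERVICE on Linux.
    for p in DECOY_PORTS:
        start_sink(p, log=seen)
    threading.Event().wait()  # keep the daemon threads alive
```

Nothing legitimate should connect to these ports on a Linux server, so every entry in the log is worth forwarding to whatever alerting is already in place.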