Re: how to change OS idenfication?
From: Christophe Sahut (CleeK_at_nogoa.org)
Date: Wed, 18 Feb 2004 20:41:29 +0100 To: "C. Ulrich" <firstname.lastname@example.org>
C. Ulrich a écrit :
> Unless memory fails me, nmap detects the remote operating system by
> looking for slight variations in the responses that it gets from certain
> probes and other information coming back from the host. There is no
> string lying about somewhere in the packets that says, "Hi, I'm a Linux
> machine" for example. One would have to tweak almost every part of the
> networking code in order to make the packets appear that they're coming
> from some other particular operating system. If someone actually did
> this, the nmap authors could conceivably update their code to correct
> for the modifications in a later version, which then defeats the purpose
> of the modifications, which then creates a vicious circle that spirals
> out of control, causing earthquakes and eradicating whole hemispheres of
> the planet, ad ininitum, ad nauseum, etc.
If each one adjusts his tcp/ip settings ramdomly, it's impossible to
create such a database (that means that the tcp/ip stack of Mr Foo
reacts this way, I know that he has an openbsd box, but Mr Bar could
have the same settings running a Linux box). We can only create a
database of systems tcp/ip stacks with their defaults settings (tcp
windows size, default ttl, reaction regarding some tcp flags etc...).
The other way is to look like another operating system and then receive
exploits that don't work on us, but this still be security through
obscurity which is bad (tm).
-- Christophe Sahut