Re: how to change OS idenfication?

From: Christophe Sahut (
Date: 02/18/04

  • Next message: Phil Dyer: "RE: how to change OS idenfication?"
    Date: Wed, 18 Feb 2004 20:41:29 +0100
    To: "C. Ulrich" <>

    C. Ulrich a écrit :
    > Unless memory fails me, nmap detects the remote operating system by
    > looking for slight variations in the responses that it gets from certain
    > probes and other information coming back from the host. There is no
    > string lying about somewhere in the packets that says, "Hi, I'm a Linux
    > machine" for example. One would have to tweak almost every part of the
    > networking code in order to make the packets appear that they're coming
    > from some other particular operating system. If someone actually did
    > this, the nmap authors could conceivably update their code to correct
    > for the modifications in a later version, which then defeats the purpose
    > of the modifications, which then creates a vicious circle that spirals
    > out of control, causing earthquakes and eradicating whole hemispheres of
    > the planet, ad ininitum, ad nauseum, etc.

    If each one adjusts his tcp/ip settings ramdomly, it's impossible to
    create such a database (that means that the tcp/ip stack of Mr Foo
    reacts this way, I know that he has an openbsd box, but Mr Bar could
    have the same settings running a Linux box). We can only create a
    database of systems tcp/ip stacks with their defaults settings (tcp
    windows size, default ttl, reaction regarding some tcp flags etc...).

    The other way is to look like another operating system and then receive
    exploits that don't work on us, but this still be security through
    obscurity which is bad (tm).

    Christophe Sahut

  • Next message: Phil Dyer: "RE: how to change OS idenfication?"