Re: how to change OS idenfication?

From: Christophe Sahut (CleeK_at_nogoa.org)
Date: 02/18/04

  • Next message: Phil Dyer: "RE: how to change OS idenfication?" 
    Date: Wed, 18 Feb 2004 20:41:29 +0100
To: "C. Ulrich" <dincht@securenym.net>

    C. Ulrich a écrit :
    > Unless memory fails me, nmap detects the remote operating system by
    > looking for slight variations in the responses that it gets from certain
    > probes and other information coming back from the host. There is no
    > string lying about somewhere in the packets that says, "Hi, I'm a Linux
    > machine" for example. One would have to tweak almost every part of the
    > networking code in order to make the packets appear that they're coming
    > from some other particular operating system. If someone actually did
    > this, the nmap authors could conceivably update their code to correct
    > for the modifications in a later version, which then defeats the purpose
    > of the modifications, which then creates a vicious circle that spirals
    > out of control, causing earthquakes and eradicating whole hemispheres of
    > the planet, ad ininitum, ad nauseum, etc.
    >

    If each one adjusts his tcp/ip settings ramdomly, it's impossible to
    create such a database (that means that the tcp/ip stack of Mr Foo
    reacts this way, I know that he has an openbsd box, but Mr Bar could
    have the same settings running a Linux box). We can only create a
    database of systems tcp/ip stacks with their defaults settings (tcp
    windows size, default ttl, reaction regarding some tcp flags etc...).

    The other way is to look like another operating system and then receive
    exploits that don't work on us, but this still be security through
    obscurity which is bad (tm). 

    --
Christophe Sahut
  • Next message: Phil Dyer: "RE: how to change OS idenfication?"

    Relevant Pages

    • Re: how to change OS idenfication?
      ... nmap detects the remote operating system by ... the nmap authors could conceivably update their code to correct ... > create such a database (that means that the tcp/ip stack of Mr Foo ... > have the same settings running a Linux box). ...
      (Focus-Linux)
    • Re: how to change OS idenfication?
      ... >> I have operated linux sevrer and I would like to change the OS ... >> security reason. ... nmap detects the remote operating system by ...
      (Focus-Linux)
    • Re: Nmap output
      ... it wouldn't be possible that NMap didn't ... operating system, then it would provide you with list of operating ... OS, versions or port. ... Security Trends Report from Cenzic ...
      (Pen-Test)
    • Re: how to change OS idenfication?
      ... nmap detects the remote operating system by ... > string lying about somewhere in the packets that says, "Hi, I'm a Linux ... In my case this has not had a measurable impact on my network performance, ...
      (Focus-Linux)
    • Re: My Favorite Windows Software
      ... that operating system was so prone to problems, ... Removes Spyware, etc. ... interface, including mouse settings, Explorer settings, taskbar ... Allows you to make copies of your movies for the kids to use while ...
      (soc.retirement)