Re: how to change OS idenfication?
From: Stef (stefmit_at_comcast.net)
Date: Wed, 18 Feb 2004 17:05:51 -0600 To: email@example.com
perhaps combined with a VMWARE or UML within which to run your real
stuff, "bridged" through the honeyd ...
On Feb 18, 2004, at 1:44 AM, C. Ulrich wrote:
> On Tue, 2004-02-17 at 05:20, Monty Ree wrote:
>> Hello, all.
>> I have operated linux sevrer and I would like to change the OS
>> So using nmap, I would like to be seen Windows instead of linux for
>> security reason.
>> I heard that ippersonality(http://ippersonality.sourceforge.net)
>> But the development of the ippersonality seems to be stopped.
>> Is there any other method to change the OS identification?
>> Thanks in advance.
> Unless memory fails me, nmap detects the remote operating system by
> looking for slight variations in the responses that it gets from
> probes and other information coming back from the host. There is no
> string lying about somewhere in the packets that says, "Hi, I'm a Linux
> machine" for example. One would have to tweak almost every part of the
> networking code in order to make the packets appear that they're coming
> from some other particular operating system. If someone actually did
> this, the nmap authors could conceivably update their code to correct
> for the modifications in a later version, which then defeats the
> of the modifications, which then creates a vicious circle that spirals
> out of control, causing earthquakes and eradicating whole hemispheres
> the planet, ad ininitum, ad nauseum, etc.
> You can see that it would just be a huge mess that, frankly, nobody
> wants to deal with. For information on how nmap fingerprinting works,
> I'd guess that a good firewall and applying proper security procedures
> would go a lot further than trying to spoof your OS fingerprint.
> Charles Ulrich
> P.S. You want your server to appear to be running Windows instead of
> Linux for security reasons? You're an interesting character. :)