RE: Preventing OS Detection

From: Sergey V. Gordeychik (gordey_at_infosec.ru)
Date: 02/24/04

  • Next message: Hernan Marcelo Racciatti: "RE: Preventing OS Detection"
    Date: Tue, 24 Feb 2004 09:02:58 +0300
    To: "Paul Kurczaba" <paul@myipis.com>, <focus-ms@securityfocus.com>
    
    

    You can try tools like antinmap, or just play with following parameters
    of registry:

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultTOS
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUBHDete
    ct

    I think that netcraft use similar to nmap technique, and this can
    deceive it.
    Don't forget to change Web server banners and error pages.

    -----Original Message-----
    From: Paul Kurczaba [mailto:paul@myipis.com]
    Sent: Saturday, February 21, 2004 1:29 AM
    To: focus-ms@securityfocus.com
    Subject: Preventing OS Detection

    If I go to http://uptime.netcraft.com and enter my website, Netcraft
    will
    display my web servers OS, determined from the TCP/IP packet. Is there a
    way
    in the windows registry to prevent Netcraft (or anyone else) from
    identifying my OS? On the page http://www.webhostgear.com/36,1.html in
    paragraph titled "Netcraft is Watching", it briefly describes that
    registry
    changes can be made. Can someone please give me some specific registry
    changes to prevent others from identifying my web servers OS?

    Thanks,
    Paul Kurczaba

    ------------------------------------------------------------------------

    ---
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    Protect your network with the comprehensive security solution that 
    integrates six applications for ease of use and lower TCO.
    Firewall - Virus protection - Spam protection - URL blocking - VPN 
    - Wireless security.
    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040219 
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    Protect your network with the comprehensive security solution that 
    integrates six applications for ease of use and lower TCO.
    Firewall - Virus protection - Spam protection - URL blocking - VPN 
    - Wireless security.
    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040219 
    ---------------------------------------------------------------------------
    

  • Next message: Hernan Marcelo Racciatti: "RE: Preventing OS Detection"

    Relevant Pages

    • RE: Preventing OS Detection
      ... It has to do with the core implimentation of the TCP/IP stack. ... of any simple registry edits that let you customize the behavior of the ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)
    • RE: Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... registry changes to prevent others from identifying my web servers OS? ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • RE: Preventing OS Detection
      ... Once you've gotten your network packets tweaked so ... If I go to http://uptime.netcraft.com and enter my website, ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • RE: Preventing OS Detection
      ... there are some rudimentary TCP/IP settings available in this ... If I go to http://uptime.netcraft.com and enter my website, ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)
    • RE: Preventing OS Detection
      ... To simply change the IIS Banner you can use IISBanner ... you can always try to "play" with the registry settings ... If I go to http://uptime.netcraft.com and enter my website, ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)