RE: Preventing OS Detection

From: Hernan Marcelo Racciatti (hracciatti_at_hotmail.com)
Date: 02/24/04

  • Next message: Jimmy Sansi: "RE: Preventing OS Detection"
    To: focus-ms@securityfocus.com
    Date: Tue, 24 Feb 2004 13:04:18 +0000
    
    

    >If I go to http://uptime.netcraft.com and enter my website, Netcraft will
    >display my web server's OS, determined from the TCP/IP packet. Is there a
    >way in the Windows registry to prevent Netcraft (or anyone else) from
    >identifying my OS? On the page http://www.webhostgear.com/36,1.html in the
    >paragraph titled "Netcraft is Watching", it briefly describes that registry
    >changes can be made. Can someone please give me some specific registry
    >changes to prevent others from identifying my web server's OS?

    Hi,

    Mmmm.. I think .. a firewall is the best option. Edit the metabase to change
    the banners in the SMTP and HTTP services (in some cases URLScan and some
    changes in the metabase do a good job too). With respect to TCP/IP settings,
    all of the TCP/IP parameters are registry values located under the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    RWIN, MSS
    ---------------
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    (GlobalMaxTcpWindowSize, TcpWindowSize, Tcp1323Opts)

    MTU
    ------
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
    (MTU)

    TTL
    -----
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    (DefaultTTL)

    Note: I recommend testing this on a NON-PRODUCTION server. Altering these
    settings will affect your server's performance in diverse ways. Please take
    care! In most cases one value setting is a multiple of another value... mmm,
    TCP/IP knowledge is very important for these settings to function.

    Some links:

    http://secinf.net/info/nt/2000ip/tcpipimp.html
    http://www.speedguide.net/read_articles.php?id=157
    http://www.seoconsultants.com/articles/1000/security.asp
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.asp
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/urlscan.asp
    http://www.petri.co.il/change_the_smtp_banner.htm

    Good luck!

    Hernán Marcelo Racciatti

    [mailto:hracciatti@hotmail.com]
    [http://www.hernanracciatti.com.ar]
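
The registry values named in the message above can be recorded before any change is tested. This read-only PowerShell audit is an added example, not part of the original post; the helper name `Get-TcpipValue` and the report layout are assumptions of this example.

```powershell
# Added example: read-only audit of the TCP/IP registry values named in the message.
# Nothing is modified. Run on the test server and keep the output as a baseline.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Meaning of the Tcp1323Opts values (RFC 1323 options).
$rfc1323 = @{
    0 = 'window scaling and timestamps disabled'
    1 = 'window scaling only'
    2 = 'timestamps only'
    3 = 'window scaling and timestamps enabled'
}

# Hypothetical helper: returns the value, or $null when it is absent
# (the stack then uses its built-in default).
function Get-TcpipValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Global values: TTL, receive window and RFC 1323 options.
$globalNames = 'DefaultTTL', 'TcpWindowSize', 'GlobalMaxTcpWindowSize', 'Tcp1323Opts'
$report = @(foreach ($name in $globalNames) {
    $value = Get-TcpipValue -Path $base -Name $name
    if ($null -eq $value) {
        $note = 'not set (OS default in effect)'
    } elseif ($name -eq 'Tcp1323Opts') {
        $note = $rfc1323[[int]$value]
    } else {
        $note = 'explicitly set'
    }
    [pscustomobject]@{ Scope = 'Global'; Name = $name; Value = $value; Note = $note }
})

# MTU is stored per interface, under one subkey per adapter GUID.
$report += @(foreach ($iface in Get-ChildItem -Path "$base\Interfaces") {
    $mtu = Get-TcpipValue -Path $iface.PSPath -Name 'MTU'
    if ($null -eq $mtu) { $note = 'not set (OS default in effect)' } else { $note = 'explicitly set' }
    [pscustomobject]@{ Scope = $iface.PSChildName; Name = 'MTU'; Value = $mtu; Note = $note }
})

$report | Format-Table -AutoSize
```

Comparing this output before and after a test change shows exactly which values were altered, which makes it straightforward to revert them if performance suffers.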


