RE: Preventing OS Detection
From: Hernan Marcelo Racciatti (hracciatti_at_hotmail.com)
Date: 02/24/04
- Previous message: Sergey V. Gordeychik: "RE: Preventing OS Detection"
- Maybe in reply to: Paul Kurczaba: "Preventing OS Detection"
- Next in thread: Ansar Mohammed: "Re: Preventing OS Detection"
- Reply: Ansar Mohammed: "Re: Preventing OS Detection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-ms@securityfocus.com Date: Tue, 24 Feb 2004 13:04:18 +0000
>If I go to http://uptime.netcraft.com and enter my website, Netcraft will
>display my web servers OS, determined from the TCP/IP packet. Is there a
>way
>in the windows registry to prevent Netcraft (or anyone else) from
>identifying my OS? On the page http://www.webhostgear.com/36,1.html in
>paragraph titled "Netcraft is Watching", it briefly describes that registry
>changes can be made. Can someone please give me some specific registry
>changes to prevent others from identifying my web servers OS?
Hi,
Mmmm.. I think .. firewall is the best option. Edit metabase for change
banner's in SMTP and HTTP service (In some cases URLScan and some changes in
metabese make an good job too). Respect to TCP/IP settings, all of the
TCP/IP parameters are registry values located under the registry key:
HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services:
\Tcpip
\Parameters
RWIN, MSS
---------------
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
(GlobalMaxTcpWindowSize, TcpWindowSize, Tcp1323Opts)
MTU
------
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
(MTU)
TTL
-----
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
(DefaullTTL)
Note: I recommend test this in NO PRODUCTION server. altering these settings
will affect your server's performance in diverse ways. Pleasee care! In the
major case one valuer setting is a multiple of other value... mmm a TCP/IP
knowledge is very important for this settings function.
Some links:
http://secinf.net/info/nt/2000ip/tcpipimp.html
http://www.speedguide.net/read_articles.php?id=157
http://www.seoconsultants.com/articles/1000/security.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/urlscan.asp
http://www.petri.co.il/change_the_smtp_banner.htm
Good luck!
Hernán Marcelo Racciatti
[mailto:hracciatti@hotmail.com]
[http://www.hernanracciatti.com.ar]
_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger:
http://messenger.latam.msn.com/
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_focus-ms_040219
---------------------------------------------------------------------------
- Previous message: Sergey V. Gordeychik: "RE: Preventing OS Detection"
- Maybe in reply to: Paul Kurczaba: "Preventing OS Detection"
- Next in thread: Ansar Mohammed: "Re: Preventing OS Detection"
- Reply: Ansar Mohammed: "Re: Preventing OS Detection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
