FW: Preventing OS Detection

From: Infosecnyc (admin_at_infosecnyc.com)
Date: 02/25/04

  • Next message: Tony Moran: "Re: Preventing OS Detection"
    To: "'Kevin E. Casey'" <kcasey@nanoweb.com>, "'Paul Kurczaba'" <paul@myipis.com>, <focus-ms@securityfocus.com>
    Date: Tue, 24 Feb 2004 18:49:12 -0500
    
    

    Kevin:

    URLScan will deny Web Server banner requests only, not OS detection.

    NSA.gov have refuse both banner requests & OS detection,
    at onetime in the past as you can see on the netcraft lookup.

    *** Just using them as an example, no need to send helicopters over my house

    Windows 2000 unknown 19-May-2003 *.213.217.241 [blocking banner requests]

    unknown unknown 25-Aug-2002 *.213.217.241 [blocking os detection & banner
    requests]

    Solaris unknown 13-Aug-2002 *.47.125.33 [blocking banner request]

    Solaris Apache/1.3.11 (Unix) 7-Aug-2002 *.47.125.33

    Windows 2000 unknown 6-Aug-2002 *.213.217.241 [blocking banner requests]

    Solaris Apache/1.3.11 (Unix) 30-Jul-2002 *.47.125.33

    unknown unknown 29-Jul-2002 *.213.217.241 [blocking os detection & banner
    requests]

    Solaris Apache/1.3.11 (Unix) 24-Oct-2001 *.47.125.33 unknown
    *****************************************************************
    -
    But there is 100 other ways to detect an OS.

    So whats the point really.

    FLUID

    -----Original Message-----
    From: Kevin E. Casey [mailto:kcasey@nanoweb.com]
    Sent: Monday, February 23, 2004 3:54 PM
    To: Paul Kurczaba; focus-ms@securityfocus.com
    Subject: RE: Preventing OS Detection

    If you are running Microsoft IIS, install URLScan and read the instructions.

    -----Original Message-----
    From: Paul Kurczaba [mailto:paul@myipis.com]
    Sent: Friday, February 20, 2004 5:29 PM
    To: focus-ms@securityfocus.com
    Subject: Preventing OS Detection

    If I go to http://uptime.netcraft.com and enter my website, Netcraft will
    display my web servers OS, determined from the TCP/IP packet. Is there a way
    in the windows registry to prevent Netcraft (or anyone else) from
    identifying my OS? On the page http://www.webhostgear.com/36,1.html
    in paragraph titled "Netcraft is Watching", it briefly describes that
    registry changes can be made. Can someone please give me some specific
    registry changes to prevent others from identifying my web servers OS?

    Thanks,
    Paul Kurczaba

    ------------------------------------------------------------------------

    ---
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.
    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.
    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040219
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.
    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.
    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_focus-ms_040219
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Tony Moran: "Re: Preventing OS Detection"

    Relevant Pages

    • Re: IDS vs Application Proxy Firewal
      ... /blacklisting from the point of view of whom, the vendor of the security ... In the case of anomaly detection systems, from the point of view of the ... activity is not present for whatever learning time frame you want. ...
      (Focus-IDS)
    • RE: ROI on IDS/IPS products
      ... It apperas that no major incidents were detected by network ... i also was told that these IPS devices are from industry ... A residential building has a gate,wall and few security personnel for ... comes with default settings for low detection. ...
      (Focus-IDS)
    • [Full-disclosure] RAID 2011 (Sep. 20-21, Menlo Park, CA) - Final Call for Participation
      ... the intrusion detection community will ... application security, anomaly detection, special environments ... web and social network security, ... A poster session during the symposium will provide lively ...
      (Full-Disclosure)
    • RE: [inbox] Re: Counter detect Network Sniffer
      ... >>You can run in promiscuose mode without fear of detection by ... absolutely guarentee non-detection of a network box is to do as I suggested. ... If you spend more on coffee than on IT security, ... the comprehensive security solution that combines six ...
      (Focus-IDS)