RE: Preventing OS Detection

From: Thompson, Jimi (JimiT_at_mail.cox.smu.edu)
Date: 02/26/04

  • Next message: Ted LeRoy: "SYN_SENT to port 8081" 
    To: focus-ms@securityfocus.com
Date: Wed, 25 Feb 2004 17:24:09 -0600

    All,

    Perhaps my experience has been unique, but the post below leads me to think
    that perhaps it is not. Once you've gotten your network packets tweaked so
    that they can no longer be "fingerprinted" by ANYONE, you no longer have a
    functional network connection.

    Having your OS "fingerprinted" is typically the least of anyone's security
    woes. It usually ranks somewhere between water drop and 1/2 pint when
    compared to the Pacific Ocean.

    2 cents,

    Jimi

    -----Original Message-----
    From: Infosecnyc [mailto:admin@infosecnyc.com]
    Sent: Tuesday, February 24, 2004 5:49 PM
    To: 'Kevin E. Casey'; 'Paul Kurczaba'; focus-ms@securityfocus.com
    Subject: FW: Preventing OS Detection

    Kevin:

    URLScan will deny Web Server banner requests only, not OS detection.

    NSA.gov have refuse both banner requests & OS detection,
    at onetime in the past as you can see on the netcraft lookup.

    *** Just using them as an example, no need to send helicopters over my house

    Windows 2000 unknown 19-May-2003 *.213.217.241 [blocking banner requests]

    unknown unknown 25-Aug-2002 *.213.217.241 [blocking os detection & banner
    requests]

    Solaris unknown 13-Aug-2002 *.47.125.33 [blocking banner request]

    Solaris Apache/1.3.11 (Unix) 7-Aug-2002 *.47.125.33

    Windows 2000 unknown 6-Aug-2002 *.213.217.241 [blocking banner requests]

    Solaris Apache/1.3.11 (Unix) 30-Jul-2002 *.47.125.33

    unknown unknown 29-Jul-2002 *.213.217.241 [blocking os detection & banner
    requests]

    Solaris Apache/1.3.11 (Unix) 24-Oct-2001 *.47.125.33 unknown
    *****************************************************************
    -
    But there is 100 other ways to detect an OS.

    So whats the point really.

    FLUID

    -----Original Message-----
    From: Kevin E. Casey [mailto:kcasey@nanoweb.com]
    Sent: Monday, February 23, 2004 3:54 PM
    To: Paul Kurczaba; focus-ms@securityfocus.com
    Subject: RE: Preventing OS Detection

    If you are running Microsoft IIS, install URLScan and read the instructions.

    -----Original Message-----
    From: Paul Kurczaba [mailto:paul@myipis.com]
    Sent: Friday, February 20, 2004 5:29 PM
    To: focus-ms@securityfocus.com
    Subject: Preventing OS Detection

    If I go to http://uptime.netcraft.com and enter my website, Netcraft will
    display my web servers OS, determined from the TCP/IP packet. Is there a way
    in the windows registry to prevent Netcraft (or anyone else) from
    identifying my OS? On the page http://www.webhostgear.com/36,1.html
    in paragraph titled "Netcraft is Watching", it briefly describes that
    registry changes can be made. Can someone please give me some specific
    registry changes to prevent others from identifying my web servers OS?

    Thanks,
    Paul Kurczaba

    ------------------------------------------------------------------------ 

    ---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_focus-ms_040219
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_focus-ms_040219
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Ted LeRoy: "SYN_SENT to port 8081"

    Relevant Pages

    • RE: Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... in the windows registry to prevent Netcraft from ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • RE: Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... registry changes to prevent others from identifying my web servers OS? ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • RE: Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... in the windows registry to prevent Netcraft from ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • Re: Keen to test out root kits
      ... I am keen to test out root kits on my lap-top. ... lap-top / home network? ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)
    • RE: Preventing OS Detection
      ... there are some rudimentary TCP/IP settings available in this ... If I go to http://uptime.netcraft.com and enter my website, ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)
    • Quantcast