Re: Preventing OS Detection
From: Vincent (pros-n-cons_at_bak.rr.com)
Date: 02/21/04
- Previous message: Steve: "RE: Why Security testing is required"
- In reply to: Paul Kurczaba: "Preventing OS Detection"
- Next in thread: Jim Laverty: "RE: Preventing OS Detection"
- Reply: Jim Laverty: "RE: Preventing OS Detection"
Date: Fri, 20 Feb 2004 21:57:02 -0800
To: security-basics@securityfocus.com
On Fri, 20 Feb 2004 17:29:52 -0500
Paul Kurczaba <paul@myipis.com> wrote:
> If I go to http://uptime.netcraft.com and enter my website, Netcraft will
> display my web server's OS, determined from the TCP/IP packet. Is there a way
> in the Windows registry to prevent Netcraft (or anyone else) from
> identifying my OS? On the page http://www.webhostgear.com/36,1.html in the
> paragraph titled "Netcraft is Watching", it briefly describes that registry
> changes can be made. Can someone please give me some specific registry
> changes to prevent others from identifying my web server's OS?
>
> Thanks,
> Paul Kurczaba
>
Under BSD and Linux there are many effective ways of doing this. Under Windows
I think it would be difficult. You can set some things in the registry, like TTL[1]
and turning off WebDAV[2], but nmap/netcraft have so many other ways. Put a
Linux/BSD box in front of the web server. Check Point also works, thanks to the FW-1
INSPECT language, where you can inspect packets destined for your server [3]. No
matter what you choose to do, it's a good idea to learn about fingerprinting techniques and some of their solutions.
http://voodoo.somoslopeor.com/papers/nmap.html A practical approach for defeating Nmap OS-Fingerprinting
http://www.gsp.com/cgi-bin/man.cgi?section=4&topic=blackhole blackhole(4) - a sysctl(8) MIB for manipulating TCP
http://net-security.org/article.php?id=406 Help Net Security OS-FngrPrint article in PDF
http://www.citi.umich.edu/u/provos/honeyd/ Honeyd - Network Rhapsody for You
http://ojnk.sourceforge.net/stuff/iplog.readme
http://www.insecure.org/nmap/nmap-fingerprinting-article.txt nmap-fingerprinting-article
http://ippersonality.sourceforge.net/ IP Personality - Home
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/kernel.html Kernel Options
http://www.stearns.org/p0f/ p0f file listing
http://www.phoneboy.com/fom-serve/cache/82.html PhoneBoy's FireWall-1 FAQs: Blocking queSO packets
http://www.s0ftpj.org/en/site.html s0ftpr0ject 2000 Fingerprint Fucker
http://www.innu.org/~sean/ Security Technologies
http://sourceforge.net/projects/sing SourceForge.net: Project Info - SING
http://www.sys-security.com/html/projects/X.html Sys-Security.com - Because Security is not Trivial
http://www.usenix.org/publications/library/proceedings/sec2000/smart.html USENIX Technical Program - Abstract - Security Symposium - 2000
[1].. HKLM\System\CurrentControlSet\Services\VxD\MSTCP
[2].. HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
[3].. http://oldfaq.phoneboy.com/fom-serve/cache/82.html
- application/pgp-signature attachment: stored
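
The reply's point that a registry TTL change alone leaves other signals for nmap or Netcraft to use, as an added example that is not part of the original message. The signature values, weights and sample observations are constructed for illustration, and the third observation assumes the front-end box is a reverse proxy that terminates TCP itself.

```python
# Simplified, constructed signatures for illustration only (not a real
# p0f or nmap database): initial TTL, TCP window, TCP option layout.
SIGNATURES = {
    "Windows 2000/XP": {"ttl": 128, "win": 65535, "opts": ("MSS", "NOP", "NOP", "SACK")},
    "Linux 2.4":       {"ttl": 64,  "win": 5840,  "opts": ("MSS", "SACK", "TS", "NOP", "WS")},
    "FreeBSD 4.x":     {"ttl": 64,  "win": 65535, "opts": ("MSS", "NOP", "WS", "NOP", "NOP", "TS")},
}
# Assumption of this example: the option layout counts double, because it
# has the most distinct values across the signatures above.
WEIGHTS = {"ttl": 1, "win": 1, "opts": 2}


def initial_ttl(observed):
    """Round an observed TTL up to the nearest common starting value."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    raise ValueError("TTL out of range: %r" % observed)


def classify(pkt):
    """Return (best_label, scores) for one observed handshake packet."""
    seen = {"ttl": initial_ttl(pkt["ttl"]), "win": pkt["win"], "opts": tuple(pkt["opts"])}
    scores = {
        label: sum(w for field, w in WEIGHTS.items() if sig[field] == seen[field])
        for label, sig in SIGNATURES.items()
    }
    return max(scores, key=scores.get), scores


# Constructed observations of one hypothetical Windows web server, 12 hops away.
default_ttl = {"ttl": 128 - 12, "win": 65535, "opts": ["MSS", "NOP", "NOP", "SACK"]}
# Same server after only the registry TTL was changed to 64.
ttl_changed = {"ttl": 64 - 12, "win": 65535, "opts": ["MSS", "NOP", "NOP", "SACK"]}
# Assumed Linux reverse proxy in front: the proxy's own stack answers.
behind_proxy = {"ttl": 64 - 12, "win": 5840, "opts": ["MSS", "SACK", "TS", "NOP", "WS"]}

if __name__ == "__main__":
    for name, pkt in [("default", default_ttl), ("TTL changed", ttl_changed),
                      ("behind Linux proxy", behind_proxy)]:
        label, scores = classify(pkt)
        print("%-20s -> %-16s %s" % (name, label, scores))
```

With only the TTL changed, the window size and option layout still match the Windows signature, so the guess does not move; it changes only when a different stack answers the handshake.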