FW: Preventing OS Detection

From: check (check_at_wescom.org)
Date: 02/24/04

  • Next message: Naren: "Re: Preventing OS Detection"

Date: Tue, 24 Feb 2004 12:30:36 -0800
To: <security-basics@securityfocus.com>
    
    
    

    -----Original Message-----
    From: Vincent [mailto:pros-n-cons@bak.rr.com]
    Sent: Friday, February 20, 2004 9:57 PM
    To: security-basics@securityfocus.com
    Subject: Re: Preventing OS Detection

    On Fri, 20 Feb 2004 17:29:52 -0500
    Paul Kurczaba <paul@myipis.com> wrote:

    > If I go to http://uptime.netcraft.com and enter my website, Netcraft
    > will display my web server's OS, determined from the TCP/IP packet. Is
    > there a way in the Windows registry to prevent Netcraft (or anyone
    > else) from identifying my OS? On the page
    > http://www.webhostgear.com/36,1.html in the paragraph titled "Netcraft is
    > Watching", it briefly describes that registry changes can be made. Can
    > someone please give me some specific registry changes to prevent
    > others from identifying my web server's OS?
    >
    > Thanks,
    > Paul Kurczaba
    >
    Under BSD and Linux there are many effective ways of doing this; under
    Windows I think it would be difficult. You can set some things in the
    registry, like TTL[1] and turning off WebDAV[2], but nmap/Netcraft have so
    many other ways. Put a Linux/BSD box in front of the web server;
    Check Point also works, thanks to the FW-1 INSPECT language, where you can
    inspect packets destined for your server [3]. No
    matter what you choose to do, it's a good idea to learn about
    fingerprinting techniques and some of their solutions.

    http://voodoo.somoslopeor.com/papers/nmap.html
      A practical approach for defeating Nmap OS-Fingerprinting
    http://www.gsp.com/cgi-bin/man.cgi?section=4&topic=blackhole
      blackhole(4) - a sysctl(8) MIB for manipulating TCP
    http://net-security.org/article.php?id=406
      Help Net Security OS-FngrPrint article in PDF
    http://www.citi.umich.edu/u/provos/honeyd/
      Honeyd - Network Rhapsody for You
    http://ojnk.sourceforge.net/stuff/iplog.readme
    http://www.insecure.org/nmap/nmap-fingerprinting-article.txt
      nmap-fingerprinting-article
    http://ippersonality.sourceforge.net/
      IP Personality - Home
    http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/kernel.html
      Kernel Options
    http://www.stearns.org/p0f/
      p0f file listing
    http://www.phoneboy.com/fom-serve/cache/82.html
      PhoneBoy's FireWall-1 FAQs: Blocking queSO packets
    http://www.s0ftpj.org/en/site.html
      s0ftpr0ject 2000 Fingerprint Fucker
    http://www.innu.org/~sean/
      Security Technologies
    http://sourceforge.net/projects/sing
      SourceForge.net: Project Info - SING
    http://www.sys-security.com/html/projects/X.html
      Sys-Security.com - Because Security is not Trivial
    http://www.usenix.org/publications/library/proceedings/sec2000/smart.html
      USENIX Technical Program - Abstract - Security Symposium - 2000

    [1].. HKLM\System\CurrentControlSet\Services\VxD\MSTCP
    [2].. HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
    [3].. http://oldfaq.phoneboy.com/fom-serve/cache/82.html

    **********************************************************************
    This email and any files transmitted with it are confidential
    and intended solely for the use of the individual or entity to
    whom they are addressed. If you have received this email
    in error, please delete it immediately and advise the sender.
    WESCOM CREDIT UNION (626) 535-1000
    **********************************************************************
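
The reply's point that a TTL change leaves "so many other ways" to identify a host, shown as an added example that is not part of the original thread. The packet bytes, addresses and field values are constructed for illustration and are not a signature of any particular OS; the function names are this example's own.

```python
import struct

# Constructed TCP options: MSS=1460, NOP, NOP, SACK-permitted
SAMPLE_OPTS = bytes([2, 4, 0x05, 0xB4, 1, 1, 4, 2])

def build_synack(ttl, df, window, options):
    """Build a constructed IPv4+TCP SYN-ACK header (checksums left zero)."""
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1,
                      (tcp_len // 4) << 4, 0x12, window, 0, 0)
    return ip + tcp + options

def extract_traits(pkt):
    """Pull out the header fields a TCP/IP fingerprinter compares."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag, ttl = struct.unpack("!HB", pkt[6:9])
    window = struct.unpack("!H", pkt[ihl + 14:ihl + 16])[0]
    data_off = (pkt[ihl + 12] >> 4) * 4
    opts, i, kinds = pkt[ihl + 20:ihl + data_off], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End-of-options marker
            break
        kinds.append(kind)
        if kind == 1:                      # NOP is a single byte
            i += 1
        elif i + 1 < len(opts) and opts[i + 1] >= 2:
            i += opts[i + 1]               # kind, length, value
        else:
            break                          # malformed option, stop parsing
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000),
            "window": window, "opt_order": tuple(kinds)}

def differing_traits(a, b):
    """Names of the traits that differ between two trait dicts."""
    return {name for name in a if a[name] != b[name]}

if __name__ == "__main__":
    before = extract_traits(build_synack(128, True, 65535, SAMPLE_OPTS))
    after = extract_traits(build_synack(64, True, 65535, SAMPLE_OPTS))
    print("before TTL change:", before)
    print("after TTL change: ", after)
    print("traits that changed:", differing_traits(before, after))
```

Only the `ttl` trait changes; the DF bit, window size and option ordering are still visible to the remote side, which is why the reply recommends placing a filtering host in front of the server.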

    
    
    
