RE: Faking OS fingerprinting in Windows

• Previous message: shaver_at_cfl.rr.com: "Re: Faking OS fingerprinting in Windows"
• Maybe in reply to: Christian Wendell Gueco: "Faking OS fingerprinting in Windows"
• Next in thread: Burton Strauss: "RE: Faking OS fingerprinting in Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 14 Jun 2005 13:37:21 +0100
To: "Christian Wendell Gueco" <velox@consultant.com>, <security-basics@securityfocus.com>

This device may be port forwarding port 80 to a w2k server(?)

Hence it may be the device it nmap says it is.

-----Original Message-----
From: Christian Wendell Gueco [mailto:velox@consultant.com]
Sent: 13 June 2005 05:49
To: security-basics@securityfocus.com
Subject: Faking OS fingerprinting in Windows

Hello,

While doing an OS fingerprint to a client using nmap, the system was
fingerprinted to :

Panasonic IP Technology Broadband Networking Gateway, KX-HGW200

I am assuming that this results are caused by a IP stack manipulation
tool of some sort running on a Windows platform since this server has an
ASP website hosted. I would like to ask on any tools that runs on
Windows that can perform such a task. I have research such tools but all
of them run on Linux systems.

Another thing to assume, is it possible that a device prior to the
server (i.e. inline IDS or firewall) is capable of manipulation the IP
Personality (i.e. its header values incl TCP) to mislead any OS
fingerprinting mechanism. Are there such features on opensource and
commercial devices?

Any information is gladly appreciated. Thanks!

- velox

====================================
Certified Geek
Email: velox_at_consultant_dot_com

-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

• Previous message: shaver_at_cfl.rr.com: "Re: Faking OS fingerprinting in Windows"
• Maybe in reply to: Christian Wendell Gueco: "Faking OS fingerprinting in Windows"
• Next in thread: Burton Strauss: "RE: Faking OS fingerprinting in Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: how to change OS idenfication? ... probably looks at open ports as much as it looks at ... >> I have operated linux sevrer and I would like to change the OS ... nmap detects the remote operating system by ... For information on how nmap fingerprinting works, ... (Focus-Linux) Re: How to block nmap OS fingerprinting using ipfw ? ... > block nmap OS fingerprinting scan. ... Nmap is not the only application out there ... I know ipfw, but I've never felt the need to prevent against Nmaps ... (comp.security.firewalls) Re: network analysis tool ... another good too is X probe project by Ofir Arking and Fyodor ... As the webpage mentions, X probe doesn't use TCP, but instead, ICMP. ... > Take a look at nmap, ... > about TCP OS stack fingerprinting in nmap's package. ... (Security-Basics) SinFP 1.01, new version of the OS fingerprinting next generation tool ... SinFP is a new approach to OS fingerprinting, which bypasses limitations ... Nmap approaches to fingerprinting as shown to be efficient for years. ... (Pen-Test) RE: Faking OS fingerprinting in Windows ... Faking OS fingerprinting in Windows ... is it possible that a device prior to the server ... (Security-Basics)