Re: Faking OS fingerprinting in Windows

From: Information Services (info_at_pcsage.biz)
Date: 06/14/05

  • Next message: Mauricio Fernandez: "Hacked again???" 
    Date: Tue, 14 Jun 2005 10:52:25 -0400
To: Christian Wendell Gueco <velox@consultant.com>

    Hello,

    If nmap has returned this device type, perhaps it's being used for
    its intent and is port forwarding to the IIS server that is hosting
    the .asp application you mention.

    Measure twice cut once.

    S.

    On 13-Jun-05, at 12:48 AM, Christian Wendell Gueco wrote:

    > Hello,
    >
    > While doing an OS fingerprint to a client using nmap, the system
    > was fingerprinted to :
    >
    > Panasonic IP Technology Broadband Networking Gateway, KX-HGW200
    >
    > I am assuming that this results are caused by a IP stack
    > manipulation tool of some sort running on a Windows platform since
    > this server has an ASP website hosted. I would like to ask on any
    > tools that runs on Windows that can perform such a task. I have
    > research such tools but all of them run on Linux systems.
    >
    > Another thing to assume, is it possible that a device prior to the
    > server (i.e. inline IDS or firewall) is capable of manipulation the
    > IP Personality (i.e. its header values incl TCP) to mislead any OS
    > fingerprinting mechanism. Are there such features on opensource and
    > commercial devices?
    >
    > Any information is gladly appreciated. Thanks!
    >
    > - velox
    >
    > ====================================
    > Certified Geek
    > Email: velox_at_consultant_dot_com
    >
    >
    >
    > --
    > ___________________________________________________________
    > Sign-up for Ads Free at Mail.com
    > http://promo.mail.com/adsfreejump.htm
    >
    >

  • Next message: Mauricio Fernandez: "Hacked again???"

    Relevant Pages

    • Re: Microsoft Urlscan Filter v3.0
      ... urlscan is intalled on the server, nmap fails to fingerprint the server, ...
      (Security-Basics)
    • Re: Auto-update protocol
      ... The protocol can't be spoofed by "unfriendlies". ... load on the server (the goal is for the user *not* ... examines the fingerprint, sees that it differs, starts ... * client identifies to server and asks for update since $TIMESTAMP ...
      (comp.arch.embedded)
    • Re: Auto-update protocol
      ... The protocol can't be spoofed by "unfriendlies". ... Minimize unnecessary network traffic as well as ... load on the server (the goal is for the user *not* ... the fingerprint (why not just do a bytewise compare ...
      (comp.arch.embedded)
    • Re: ASP page will not load
      ... >>> using ASP. ... Why do I get a 500 Internal Server error for all ... >>Internet Services Manager. ... >>Properties, and on the Home Directory tab, click the ...
      (microsoft.public.inetserver.asp.general)
    • Re: Ecommerce Server Requires Daily Reboot
      ... Sounds like you need a good ASP developer to go through ... SQL data caching schemes, to IIS settings, etc, etc, etc. ... a file cache on the web server. ... In order for customer to access webpage login, ...
      (microsoft.public.dotnet.framework.aspnet)