Home page logo

basics logo Security Basics mailing list archives

Re: nmap os detection!
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Fri, 7 Feb 2003 11:56:51 -0700

On Fri, Feb 07, 2003 at 08:13:43PM +0530, Prathap R wrote:
         i just used nmap to detect the os on the network. out of
curiosity,i want to know if there is a way of making the OS
undetectable. it will be of great help if anyone could point out how
do it?. i am using both windows and linux.

You can hide the OS footprint on your network traffic at the network
level.  Maybe even at the transport level.

There is almost no point, as your web browser sends your OS type each
and every time you connect to a web page.

The best way to accomplish this is sending everything though a proxy
server.  This will give your network traffic the footprint of the
proxy server.

If that isn't good enough, then a packet filter/mangler with knowledge
of most OS footprints would be required.  As it would be *really* hard
to detect all things your OS does, I'd say your best bet is to insert
as many other footprints as you can.

Thus your traffic would like like one of many OSes, one of which is
the real one.  But a list of, say, tweleve distinct OSes for one
machine will cause most people to say "The scanner doesn't know what
OS this IP is".  This should be good enough for most purposes.
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]