Home page logo
/

basics logo Security Basics mailing list archives

Re: nmap os detection!
From: Leo Security <security () fastmail fm>
Date: Fri, 07 Feb 2003 18:50:49 -0500

It is generally not good to change the OS parameters. If its detectable, let it be. Best thing to do is to unplug all the holes on regular basis and configure your firewall to work at its optimum.

Leo

Ethan wrote:

There was just a thread about this on the honeypot mailling list
(honeypots () securityfocus com).  Not only can you make the OS undetectable,
you can also fake other OS's in the nmap scan.  Links from honeypot threads:

http://ippersonality.sourceforge.net/
http://www.raisdorf.net/projects/pfprintd/

you also might be interested in honeynet
http://www.citi.umich.edu/u/provos/honeyd/

There are kernel options (TCP_DROP_SYNFIN) you can set to blackhole OS
guessing.  Check the honeypot archive for specifics.

-Ethan



-----Original Message-----
From: Prathap R [mailto:prathap.r () indiatimes com]
Sent: Friday, February 07, 2003 6:44 AM
To: SECURITY-BASICS () securityfocus com
Subject: nmap os detection!


hello all,
        i just used nmap to detect the os on the network. out of
curiosity,i want to know if there is a way of making the OS undetectable. it
will be of great help if anyone could point out how do it?. i am using both
windows and linux.
thanks in advance.
regards,
      Prathap



Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com

Buy the best in Movies at http://www.videos.indiatimes.com

Bid for for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to
http://airsahara.indiatimes.com and Bid Now !





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]