Home page logo

Nmap Announce mailing list archives

Re: Intrusion detection question.
From: Vanja Hrustic <vanja () relaygroup com>
Date: Thu, 10 Feb 2000 07:52:56 +0700

Daniel Swan wrote:
Ps.  FYI, I saw in one of the security NG's today that a Linux kernel patch has been released that is designed to 
confuse fingerprinting.

Now that you mention this...

So far, I've seen 2 more or less "reliable" techniques (on UNIX) to
confuse the fingerprinting.

1) Patching the kernel (at least, when we talk about Linux - don't know
how feasable it is for other OSs), but it might break things (modifying
kernel in order to "beat" one or two apps is a "bad thing (tm)", me

2) Usage of 'snort' or 'IPLog' in order to detect the fingerprinting
attempt, and respond to it (snort needs to be compiled with 'flexresp'
feature for this to work)

Does anybody have more examples on how to trick nMap fingerprinting
(UNIX examples, if possible)?



Vanja Hrustic
The Relay Group
Technology Ahead of Time

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]