mailing list archives
Re: OS Detection Question
From: "Mr. Man" <mrman () darkside org>
Date: Wed, 3 May 2000 21:49:25 -0500 (CDT)
On Wed, 3 May 2000, John Turner wrote:
> I have searched the net looking for a definitive answer to this question but have come up dry.
> Is there a way to completely fool (or block) OS detection from scanners (like nmap, queso, etc.) using the Linux OS?
> What about Windoze?
I believe there are patches available for certain versions of the Linux
Kernel that allow you to fool OS detection tools. It's mostly a matter of
re-writing the way the IP stack in Linux handles 'odd,' 'irregular,' or
'inappropriate' TCP packets or the default values on connection
negotiations; i.e. certain combinations of TCP header flags, the default TCP
Maximum Segment Size, etc.
Ipfilter can be used to block some of the generic forms of OS detection, but
I've never used it with Linux.
> Any insight would be greatly appreciated.
Check the following:
There was also a decent thread on Bugtraq on the subject back in Feb. of
I'm sure you should also look at Fyodor's excellent article in Phrack54
(http://phrack.infonexus.com/search.phtml?view&article=p54-9) where he
discusses methods of OS fingerprint detection.
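
A defender's view of the 'odd' TCP flag combinations and MSS value mentioned in the reply above, as an added example that is not part of the original thread: it parses raw TCP headers and reports flag sets that ordinary connection traffic does not produce. The three rules in `irregular` and the sample headers are assumptions constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_tcp(header):
    """Return flags, window and MSS option (or None) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", header[12:16])
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    opts, i, mss = header[20:hdr_len], 0, None
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        if opts[i] == 1:                          # kind 1 is a one-byte NOP
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if opts[i] == 2 and opts[i + 1] == 4:     # kind 2, length 4: MSS
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"flags": off_flags & 0x3F, "window": window, "mss": mss}

def irregular(flags):
    """Name the (assumed) rule a flag byte breaks, or None if it looks ordinary."""
    if flags == 0:
        return "no flags set"
    if flags & SYN and flags & (FIN | RST):
        return "SYN combined with FIN or RST"
    if flags & (FIN | PSH | URG) and not flags & ACK:
        return "FIN/PSH/URG without ACK"
    return None

def build(flags, options=b""):
    """Constructed sample header: ports, sequence numbers and window are arbitrary."""
    off_flags = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, off_flags, 1024, 0, 0) + options

SAMPLES = {
    "plain SYN, MSS 1460": build(SYN, b"\x02\x04\x05\xb4"),
    "no flags": build(0),
    "SYN+FIN+PSH+URG": build(SYN | FIN | PSH | URG),
    "FIN+PSH+URG": build(FIN | PSH | URG),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        seg = parse_tcp(raw)
        print(f"{name:22} mss={seg['mss']} -> {irregular(seg['flags']) or 'ordinary'}")
```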