Faking/Spoofing nmap's OS reply?
From: "elad" <hax0r () netvision net il>
Date: Mon, 21 Aug 2000 22:21:24 +0200
I'm planning on writing some sort of paper on nmap and some related issues.
Please note that the paper is intended for the newbie-intermediate level, so
don't flame or say stuff like ``It's obvious'' etc..
Anyway. I was planning on writing how nmap works (basically), with a small
explanation about the TCP stack. Then move to why you can't 'spoof' your
OS when scanned with nmap. After that maybe add a part about how you can
fake/spoof your OS anyway, but in an inefficient way.
Now I have some questions,
(A) Is rewriting the TCP stack by recompiling the kernel with different
options thus making nmap think you're running OS X instead of OS Y the
only way to really spoof/fake the reply? (notice that I am talking about
spoofing/faking, not making it undetectable)
(B) Will mixing lots of stack options when recompiling the kernel confuse
nmap, thus making it reply with something like ``Too many fingerprints'' or
(C) Are there any other ways you can think of to spoof/fake the OS reply..?
Also, I had in mind an idea about a dynamic TCP stack of some sort, is it
By the way, the paper will probably be in Hebrew (I'm making it for a new
security site me and some friends are about to put up), so, you think I
should translate it when it's done (into English)? You think writing this
paper will do any good?
Thank you for your time,
elad, ` _'_ '
<hax0r () netvision net il> - (o)o) -
PGP Key ID: 0x507CC7CE
Fingerprint: 28E5 2BA8 7A46 A927 4B2F 0888 F106 EDA2 507C C7CE
Unless you're using a Windows based email client, the ASCII is fucked. :/
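Added example, not part of elad's post and not nmap's code: a toy model of the matching step that questions (A) and (B) are about. Real nmap sends several probes and compares many more features, and the fingerprint entries below are constructed, hypothetical values rather than entries from nmap's own database. The model shows a stock stack matching one entry, a stack whose fingerprinted features have all been changed to another OS's values (the "spoofed" reply), a stack where only some of them were changed, and a stack with settings mixed from several OSes, which either matches nothing or matches several entries at once.

```python
"""Toy model of how an nmap-style OS fingerprinter matches a host's replies.

Added example for this thread, not nmap's code. The fingerprint database is
constructed from hypothetical values for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Reply:
    """Observable features of a SYN-ACK to a SYN probe (simplified)."""
    ttl: int          # TTL as seen by the scanner (already decremented per hop)
    window: int       # advertised TCP window size
    df: bool          # IP Don't-Fragment bit set
    options: tuple    # TCP option order, e.g. ("MSS", "SACK", "TS", "NOP", "WS")
    ipid: str         # IP ID behaviour: "incremental", "random" or "zero"


# Constructed fingerprint database (hypothetical numbers): the values a stack
# is expected to produce for the features above.
FINGERPRINTS = {
    "Linux 2.2.x": dict(ttl=64, window=32120, df=True,
                        options=("MSS", "SACK", "TS", "NOP", "WS"), ipid="incremental"),
    "OpenBSD 2.7": dict(ttl=64, window=17376, df=True,
                        options=("MSS", "NOP", "NOP", "SACK", "NOP", "WS", "NOP", "NOP", "TS"),
                        ipid="random"),
    "Windows NT4": dict(ttl=128, window=8760, df=True,
                        options=("MSS",), ipid="incremental"),
    # Two entries that these probes cannot tell apart (constructed on purpose).
    "FreeBSD 3.x": dict(ttl=64, window=17520, df=True,
                        options=("MSS", "NOP", "WS", "NOP", "NOP", "TS"), ipid="incremental"),
    "FreeBSD 4.x": dict(ttl=64, window=17520, df=True,
                        options=("MSS", "NOP", "WS", "NOP", "NOP", "TS"), ipid="incremental"),
}

INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the initial TTL the sender most likely used."""
    for t in INITIAL_TTLS:
        if observed <= t:
            return t
    return 255


def matches(reply: Reply, fp: dict) -> bool:
    """True only if every fingerprinted feature of the reply agrees with fp."""
    return (initial_ttl(reply.ttl) == fp["ttl"]
            and reply.window == fp["window"]
            and reply.df == fp["df"]
            and reply.options == fp["options"]
            and reply.ipid == fp["ipid"])


def match(reply: Reply, db=FINGERPRINTS) -> list:
    """Names of all fingerprints the reply is consistent with."""
    return [name for name, fp in db.items() if matches(reply, fp)]


def classify(reply: Reply, db=FINGERPRINTS, max_matches: int = 1) -> str:
    """Single verdict: one OS name, 'no match', or a 'too many' report."""
    hits = match(reply, db)
    if not hits:
        return "no match"
    if len(hits) > max_matches:
        return "too many fingerprints match: " + ", ".join(hits)
    return hits[0]


# Scenario 1: unmodified Linux 2.2 host six hops away (TTL 64 - 6 = 58).
LINUX_REPLY = Reply(ttl=58, window=32120, df=True,
                    options=("MSS", "SACK", "TS", "NOP", "WS"), ipid="incremental")

# Scenario 2: the same host after *every* fingerprinted feature was changed to
# OpenBSD's values (window, option order, IP ID generation).
SPOOFED_REPLY = Reply(ttl=58, window=17376, df=True,
                      options=("MSS", "NOP", "NOP", "SACK", "NOP", "WS", "NOP", "NOP", "TS"),
                      ipid="random")

# Scenario 3: only the window was changed; option order still gives it away.
HALF_SPOOFED_REPLY = Reply(ttl=58, window=17376, df=True,
                           options=("MSS", "SACK", "TS", "NOP", "WS"), ipid="incremental")

# Scenario 4: settings mixed from several OSes (Windows-like TTL, Linux window).
MIXED_REPLY = Reply(ttl=120, window=32120, df=True,
                    options=("MSS", "SACK", "TS", "NOP", "WS"), ipid="incremental")

# Scenario 5: a reply consistent with more than one entry.
FREEBSD_REPLY = Reply(ttl=62, window=17520, df=True,
                      options=("MSS", "NOP", "WS", "NOP", "NOP", "TS"), ipid="incremental")

if __name__ == "__main__":
    for label, r in [("linux", LINUX_REPLY), ("spoofed", SPOOFED_REPLY),
                     ("half-spoofed", HALF_SPOOFED_REPLY), ("mixed", MIXED_REPLY),
                     ("freebsd", FREEBSD_REPLY)]:
        print(f"{label:13s} -> {classify(r)}")
```

The matcher is deliberately all-or-nothing: a reply is attributed to an OS only when every feature agrees, so changing a subset of the stack's behaviour (scenario 3) produces no match rather than a different OS, and a mix of settings (scenario 4) likewise matches nothing. The "too many" verdict in scenario 5 comes from entries the probes cannot distinguish, not from confusing settings on the target. With a real fingerprinter the number of probes and features is much larger, which is what makes a convincing spoof expensive.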
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).