Nmap Hackers: Re: hiding uptime

Re: hiding uptime

From: Matt Bing <matt_at_anzen.com>
Date: Fri, 16 Mar 2001 09:51:00 -0500

Ted U said:
> here's a patch i submitted to bugtraq. it modifies openbsd 2.8/7 so that
> the timestamp starts at zero for each connection. nmap (or other
> methods) will think you have an uptime of 53 ms or something. nmap
> doesn't report anything.

Something similar was just committed to -current:

/src/sys/netinet/tcp_subr.c

revision 1.40
date: 2001/03/14 19:21:33; author: mickey; state: Exp; lines: +2 -1
provide a random start for tcp timestamps; niels@ ok

$ sudo nmap -O -sS -p 22-25 karloff
[snip]
Uptime 7792.580 days (since Wed Nov 14 19:48:34 1979)

$ uptime
9:44AM up 6 mins, 4 users, load averages: 0.16, 0.30, 0.17

--
Matt Bing
Anzen Computing
Received on Mar 16 2001
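
The following is an added example, not part of the original message and not nmap's or OpenBSD's code. It shows how a remote uptime guess is derived from TCP timestamp values and why a random starting value, as in the commit quoted above, produces a figure unrelated to the real uptime. The candidate tick rates, the 2 Hz clock and all sample values are assumptions constructed for illustration.

```python
# Added illustration: turning TCP timestamp (TSval) samples into an uptime guess.
# Tick rates, the 2 Hz clock and every sample value are assumptions/constructed.

COMMON_HZ = (1, 2, 10, 100, 1000)   # assumed candidate timestamp clock rates
WRAP = 2 ** 32                      # TSval is a 32-bit counter


def make_samples(start_value, secs_since_start, hz, probes=5, spacing=1.0):
    """Constructed probe replies: (receive_time_s, tsval) pairs from one host."""
    return [(i * spacing,
             (start_value + int((secs_since_start + i * spacing) * hz)) % WRAP)
            for i in range(probes)]


def estimate_hz(samples):
    """Infer the clock rate from how fast TSval advances between probes."""
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    raw = ((v1 - v0) % WRAP) / (t1 - t0)
    return min(COMMON_HZ, key=lambda hz: abs(hz - raw))


def apparent_uptime_days(samples):
    """Assume the counter was 0 at boot: uptime = last TSval / rate."""
    return samples[-1][1] / estimate_hz(samples) / 86400.0


# Host up 6 minutes, counter started at 0 at boot: the guess is accurate.
zero_at_boot = make_samples(0, 360, hz=2)
# Same host, counter started at a random value (constructed to land near
# the figure in the post): the guess reflects the offset, not the uptime.
random_start = make_samples(1_346_557_824, 360, hz=2)
# Counter restarted at 0 for each connection, as in the quoted patch.
zero_per_conn = make_samples(0, 0, hz=2)

if __name__ == "__main__":
    for name, s in [("zero at boot", zero_at_boot),
                    ("random start", random_start),
                    ("zero per connection", zero_per_conn)]:
        print(f"{name:20s} rate={estimate_hz(s)} Hz "
              f"apparent uptime={apparent_uptime_days(s):.3f} days")
```

The rate estimate still works in all three cases because it depends only on the difference between samples; only the absolute value, which the uptime guess relies on, is affected by the starting offset.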