Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: spoofing another machine's fingerprints
From: Joshua Wright <jwright () hasborg com>
Date: Fri, 30 Aug 2013 09:19:53 -0400

Hi Robin,

On Aug 29, 2013, at 6:57 PM, Robin Wood <robin () digininja org> wrote:

As I asked about recently, I'll soon be testing a NAC type device and so I was wondering, is there a tool which will 
let me watch a device then clone its network fingerprint? By fingerprint I mean things like network settings such as 
TTLs but also open ports (probably couldn't spoof the service but at least open the port).

I know there is a tool that is designed to fool attackers by having a list of different OS's and you chose which you 
want to pretend to be but rather than pick from a list I want to be able to point it at another machine and say 
"clone that".

I don't think that exists.  When I want to evade NAC systems, I usually start with a Scapy-generated 3-way handshake 
that mimic's an iPad or other device that I put together manually.

If a tool doesn't exist, and I don't think it will, can someone remind me of the name of the tool I described above 
and I'll have a look see if that can be modified.

I think you mean OSFuscate by Irongeek: 
http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools.

-Josh
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]