Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Block OS Detection
From: Danny Fullerton <dfullerton () mantor org>
Date: Fri, 25 Jan 2008 18:54:01 -0500

Hi,

Core Force those not implement packet normalization (scrub) of OpenBSD's
pf if I recall. I don't known if they messed up with the stack signature
in some other way.

Ivan Arce, could you ratify?

Otherwise..., almost any good firewall appliance should do the trick.

We use redundant OpenBSD's systems for this kind of purpose in a
production environment (highly critical 24/7/365). The firewall (pf) is
extremely powerful (enterprise level), easy to understand and cost
effective. Take a look at pfsync and CARP. One big advantage over PIX or
alike is the fact that your actually dealing with a complete operating
system: if you need to implement some other *twisted* security feature,
the door is wide open without having too invest in some kind of upgrade.

regards,

---
Danny Fullerton
IT Security Specialist, GCIH GHTQ
Mantor Organization

Ivan Arce wrote:
OpenBSD's PF has been ported to Windows (pre-Vista) as part of a free
firewall/endpoint security software. It is part of research work and
in beta state (regular YMMV disclaimer) but I know it has been
installed used on production servers for quite some time. The port of
OpenBSD's PF provides a fully-featured and stable bidirectional
statefull firewall that some found useful to have on windows systems.

http://force.coresecurity.com

-ivan


Arafat M. Bique wrote:
For Windows System and IIS is not quite easily to do that. I don't know
if someone has a solution that isn't reverse proxy.

Regards,

Arafat M. Bique
Network Infrastructure
IT Department
email:arafat.bique () bcifomento co mz
Web:http://www.bcifomento.co.mz

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of John Brazel
Sent: Wednesday, September 05, 2007 10:01 AM
To: Attari Attari
Cc: pen-test () securityfocus com
Subject: Re: Block OS Detection

OpenBSD's pf firewall has a 'scrub' option that allows normalisation
of various TCP header fields, as well as fragment re-assembly and the
like.

J.

On 8/31/07, Attari Attari <c70n3 () yahoo co in> wrote:
Hello All:

Is there a PRACTICAL solution from PRODUCTION
environments that can be used to block OS detection
from tools like NMAP? I googled and read some notes
but couldn't find a real world solution to blocking
Windows & Linux OS detection.

I'm quite sure I'll get the right inputs here.

Thank you.

Attari


      Unlimited freedom, unlimited storage. Get it now, on
http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads

------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault