Re: nmap os detection!

[Brad Arlt <arlt () cpsc ucalgary ca>]

On Fri, Feb 07, 2003 at 08:13:43PM +0530, Prathap R wrote:
>          i just used nmap to detect the os on the network. out of
> curiosity,i want to know if there is a way of making the OS
> undetectable. it will be of great help if anyone could point out how
> do it?. i am using both windows and linux.

You can hide the OS footprint on your network traffic at the network
level.  Maybe even at the transport level.

There is almost no point, as your web browser sends your OS type each
and every time you connect to a web page.

The best way to accomplish this is sending everything though a proxy
server.  This will give your network traffic the footprint of the
proxy server.

If that isn't good enough, then a packet filter/mangler with knowledge
of most OS footprints would be required.  As it would be *really* hard
to detect all things your OS does, I'd say your best bet is to insert
as many other footprints as you can.

Thus your traffic would like like one of many OSes, one of which is
the real one.  But a list of, say, tweleve distinct OSes for one
machine will cause most people to say "The scanner doesn't know what
OS this IP is".  This should be good enough for most purposes.
-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science