Security Basics mailing list archives
Re: nmap os detection!
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Fri, 7 Feb 2003 11:56:51 -0700
On Fri, Feb 07, 2003 at 08:13:43PM +0530, Prathap R wrote:
i just used nmap to detect the os on the network. out of curiosity,i want to know if there is a way of making the OS undetectable. it will be of great help if anyone could point out how do it?. i am using both windows and linux.
You can hide the OS footprint on your network traffic at the network level. Maybe even at the transport level. There is almost no point, as your web browser sends your OS type each and every time you connect to a web page. The best way to accomplish this is sending everything though a proxy server. This will give your network traffic the footprint of the proxy server. If that isn't good enough, then a packet filter/mangler with knowledge of most OS footprints would be required. As it would be *really* hard to detect all things your OS does, I'd say your best bet is to insert as many other footprints as you can. Thus your traffic would like like one of many OSes, one of which is the real one. But a list of, say, tweleve distinct OSes for one machine will cause most people to say "The scanner doesn't know what OS this IP is". This should be good enough for most purposes. ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ arlt () cpsc ucalgary ca University Of Calgary (_)/(_) I should be biking right now. Computer Science
Current thread:
- nmap os detection! Prathap R (Feb 07)
- Re: nmap os detection! Brad Arlt (Feb 07)
- RE: nmap os detection! Ethan (Feb 07)
- Re: nmap os detection! Leo Security (Feb 10)
- Re: nmap os detection! flur (Feb 07)
- Re: nmap os detection! Caleb Humberd (Feb 10)
- <Possible follow-ups>
- nmap os detection! tburns (Feb 07)