Security Basics mailing list archives

Re: Preventing OS Detection


From: Vincent <pros-n-cons () bak rr com>
Date: Fri, 20 Feb 2004 21:57:02 -0800

On Fri, 20 Feb 2004 17:29:52 -0500
Paul Kurczaba <paul () myipis com> wrote:

If I go to http://uptime.netcraft.com and enter my website, Netcraft will
display my web server's OS, determined from the TCP/IP packet. Is there a way
in the Windows registry to prevent Netcraft (or anyone else) from
identifying my OS? On the page http://www.webhostgear.com/36,1.html, in the
paragraph titled "Netcraft is Watching", it briefly describes that registry
changes can be made. Can someone please give me some specific registry
changes to prevent others from identifying my web server's OS?

Thanks,
Paul Kurczaba

Under BSD and Linux there are many effective ways of doing this. Under Windows
I think it would be difficult; you can set some things in the registry, like TTL[1]
and turning off WebDAV[2], but nmap/netcraft have so many other ways. Put a
Linux/BSD box in front of the webserver; Check Point also works, thanks to the FW-1
INSPECT language, where you can inspect packets destined for your server [3]. No
matter what you choose to do, it's a good idea to learn about fingerprinting techniques and some of their solutions.

http://voodoo.somoslopeor.com/papers/nmap.html A practical approach for defeating Nmap OS-Fingerprinting
http://www.gsp.com/cgi-bin/man.cgi?section=4&topic=blackhole blackhole(4) - a sysctl(8) MIB for manipulating TCP
http://net-security.org/article.php?id=406 Help Net Security OS-FngrPrint article in PDF
http://www.citi.umich.edu/u/provos/honeyd/ Honeyd - Network Rhapsody for You
http://ojnk.sourceforge.net/stuff/iplog.readme
http://www.insecure.org/nmap/nmap-fingerprinting-article.txt nmap-fingerprinting-article
http://ippersonality.sourceforge.net/ IP Personality - Home
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/kernel.html Kernel Options
http://www.stearns.org/p0f/ p0f file listing
http://www.phoneboy.com/fom-serve/cache/82.html PhoneBoy's FireWall-1 FAQs: Blocking queSO packets
http://www.s0ftpj.org/en/site.html s0ftpr0ject 2000 Fingerprint Fucker
http://www.innu.org/~sean/ Security Technologies
http://sourceforge.net/projects/sing SourceForge.net: Project Info - SING
http://www.sys-security.com/html/projects/X.html Sys-Security.com - Because Security is not Trivial
http://www.usenix.org/publications/library/proceedings/sec2000/smart.html USENIX Technical Program - Abstract - Security Symposium - 2000

[1].. HKLM\System\CurrentControlSet\Services\VxD\MSTCP
[2].. HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
[3].. http://oldfaq.phoneboy.com/fom-serve/cache/82.html
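
An added illustration, not part of the message above, of why the reply says a TTL change alone is not enough and why a front-end box changes the picture: a passive fingerprint matcher scores several TCP/IP traits at once. The signature table, trait set and sample observations are constructed and simplified for this example; they are not any real tool's database.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SynTraits:
    ttl: int        # IP TTL (initial value in a signature, observed value in a sample)
    window: int     # TCP window size advertised in the SYN/SYN-ACK
    df: bool        # IP Don't Fragment bit
    options: tuple  # TCP option kinds, in the order they appear

# Constructed, simplified signatures (assumption: illustrative values only).
SIGNATURES = {
    "Windows-like": SynTraits(128, 65535, True, ("mss", "nop", "nop", "sack")),
    "Linux-like": SynTraits(64, 5840, True, ("mss", "sack", "ts", "nop", "ws")),
    "BSD-like": SynTraits(64, 57344, True, ("mss", "nop", "ws", "nop", "nop", "ts")),
}

def initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial TTL."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return 255

def score(obs, sig):
    """Count how many of the four traits agree with a signature."""
    return sum([
        initial_ttl(obs.ttl) == sig.ttl,
        obs.window == sig.window,
        obs.df == sig.df,
        obs.options == sig.options,
    ])

def classify(obs):
    """Return (best matching signature name, number of matching traits)."""
    ranked = sorted(((score(obs, s), n) for n, s in SIGNATURES.items()), reverse=True)
    return ranked[0][1], ranked[0][0]

# Constructed observations of the same web server, as seen by a remote sensor.
STOCK = SynTraits(113, 65535, True, ("mss", "nop", "nop", "sack"))       # defaults
TTL_CHANGED = SynTraits(49, 65535, True, ("mss", "nop", "nop", "sack"))  # TTL set to 64
FRONTED = SynTraits(52, 5840, True, ("mss", "sack", "ts", "nop", "ws"))  # proxy in front

if __name__ == "__main__":
    for label, obs in (("stock", STOCK), ("ttl changed", TTL_CHANGED), ("fronted", FRONTED)):
        print(label, classify(obs))
```

With only the TTL changed, three of four traits still point at the original stack; once a front-end host terminates the connection, every trait the sensor sees belongs to that host instead.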
