Security Basics mailing list archives
FW: Preventing OS Detection
From: "check" <check () wescom org>
Date: Tue, 24 Feb 2004 12:30:36 -0800
-----Original Message-----
From: Vincent [mailto:pros-n-cons () bak rr com]
Sent: Friday, February 20, 2004 9:57 PM
To: security-basics () securityfocus com
Subject: Re: Preventing OS Detection

On Fri, 20 Feb 2004 17:29:52 -0500 Paul Kurczaba <paul () myipis com> wrote:

If I go to http://uptime.netcraft.com and enter my website, Netcraft will display my web server's OS, determined from the TCP/IP packet. Is there a way in the Windows registry to prevent Netcraft (or anyone else) from identifying my OS? On the page http://www.webhostgear.com/36,1.html in the paragraph titled "Netcraft is Watching", it briefly describes that registry changes can be made. Can someone please give me some specific registry changes to prevent others from identifying my web server's OS?

Thanks,
Paul Kurczaba

Under BSD and Linux there are many effective ways of doing this; under Windows I think it would be difficult. You can set some things in the registry, like TTL[1] and turning off webdav[2], but nmap/netcraft have so many other ways. Put a linux/bsd box in front of the webserver; checkpoint also works, thanks to the fw-1 INSPECT language, where you can inspect packets destined for your server [3]. No matter what you choose to do, it's a good idea to learn about fingerprinting techniques and some of their solutions.

http://voodoo.somoslopeor.com/papers/nmap.html
A practical approach for defeating Nmap OS-Fingerprinting

http://www.gsp.com/cgi-bin/man.cgi?section=4&topic=blackhole
blackhole(4) - a sysctl(8) MIB for manipulating TCP

http://net-security.org/article.php?id=406
Help Net Security OS-FngrPrint article in PDF

http://www.citi.umich.edu/u/provos/honeyd/
Honeyd - Network Rhapsody for You

http://ojnk.sourceforge.net/stuff/iplog.readme

http://www.insecure.org/nmap/nmap-fingerprinting-article.txt
nmap-fingerprinting-article

http://ippersonality.sourceforge.net/
IP Personality - Home

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/kernel.html
Kernel Options

http://www.stearns.org/p0f/
p0f file listing

http://www.phoneboy.com/fom-serve/cache/82.html
PhoneBoy's FireWall-1 FAQs: Blocking queSO packets

http://www.s0ftpj.org/en/site.html
s0ftpr0ject 2000 Fingerprint Fucker

http://www.innu.org/~sean/
Security Technologies

http://sourceforge.net/projects/sing
SourceForge.net: Project Info - SING

http://www.sys-security.com/html/projects/X.html
Sys-Security.com - Because Security is not Trivial

http://www.usenix.org/publications/library/proceedings/sec2000/smart.html
USENIX Technical Program - Abstract - Security Symposium - 2000

[1].. HKLM\System\CurrentControlSet\Services\VxD\MSTCP
[2].. HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
[3].. http://oldfaq.phoneboy.com/fom-serve/cache/82.html
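
Added example, not part of the original message: a short Python sketch of why a TTL change alone leaves a server identifiable, as the reply above says. It reads the header fields a stack fingerprinter can compare from one SYN/ACK and diffs a reply before and after a TTL change. The packets, addresses, window size and option layout are constructed sample values, and the function names are hypothetical.

```python
import struct

# Constructed TCP options (MSS 1460, NOP, window scale 0, NOP, NOP, SACK-permitted).
SAMPLE_OPTIONS = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 0, 1, 1, 4, 2])
OPTION_NAMES = {2: "mss", 3: "wscale", 4: "sackok", 8: "timestamp"}

def build_synack(ttl, window, df, options=SAMPLE_OPTIONS):
    """Build a constructed IPv4+TCP SYN/ACK (checksums left at 0) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 2,
                      ((20 + len(options)) // 4) << 4, 0x12, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + tcp

def extract_signals(packet):
    """Return header fields of one reply that a stack fingerprinter can compare."""
    ihl = (packet[0] & 0x0F) * 4
    flags_frag, ttl = struct.unpack("!HB", packet[6:9])
    tcp = packet[ihl:]
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, layout, i = tcp[20:(tcp[12] >> 4) * 4], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, single byte
            layout.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                          # malformed length, stop parsing
        layout.append(OPTION_NAMES.get(kind, f"opt{kind}"))
        i += opts[i + 1]
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000),
            "window": window, "options": ",".join(layout)}

def changed_fields(before, after):
    """Names of the signals that differ between two replies."""
    a, b = extract_signals(before), extract_signals(after)
    return sorted(k for k in a if a[k] != b[k])

if __name__ == "__main__":
    stock = build_synack(ttl=128, window=17520, df=True)   # constructed values
    tuned = build_synack(ttl=64, window=17520, df=True)    # only the TTL setting changed
    unchanged = {k: v for k, v in extract_signals(tuned).items() if k != "ttl"}
    print("signals still identical:", unchanged)
    print("fields that changed:", changed_fields(stock, tuned))
```

The window size, DF bit and option order stay the same after the TTL change, which is why the reply suggests normalising traffic on a box in front of the web server.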