Security Basics mailing list archives

FW: Preventing OS Detection


From: "check" <check () wescom org>
Date: Tue, 24 Feb 2004 12:30:36 -0800




-----Original Message-----
From: Vincent [mailto:pros-n-cons () bak rr com] 
Sent: Friday, February 20, 2004 9:57 PM
To: security-basics () securityfocus com
Subject: Re: Preventing OS Detection


On Fri, 20 Feb 2004 17:29:52 -0500
Paul Kurczaba <paul () myipis com> wrote:

If I go to http://uptime.netcraft.com and enter my website, Netcraft
will display my web server's OS, determined from the TCP/IP packet. Is
there a way in the Windows registry to prevent Netcraft (or anyone
else) from identifying my OS? On the page
http://www.webhostgear.com/36,1.html in the paragraph titled "Netcraft is
Watching", it briefly describes that registry changes can be made. Can
someone please give me some specific registry changes to prevent
others from identifying my web server's OS?

Thanks,
Paul Kurczaba

Under BSD and Linux there are many effective ways of doing this. Under
Windows I think it would be difficult; you can set some things in the
registry like TTL[1] and turning off WebDAV[2], but nmap/Netcraft have so
many other ways. Put a Linux/BSD box in front of the web server;
Check Point also works thanks to the FW-1 INSPECT language, where you can
inspect packets destined for your server [3]. No matter what you choose
to do, it's a good idea to learn about fingerprinting techniques and some
of their solutions.

http://voodoo.somoslopeor.com/papers/nmap.html
  A practical approach for defeating Nmap OS-Fingerprinting
http://www.gsp.com/cgi-bin/man.cgi?section=4&topic=blackhole
  blackhole(4) - a sysctl(8) MIB for manipulating TCP
http://net-security.org/article.php?id=406
  Help Net Security OS-FngrPrint article in PDF
http://www.citi.umich.edu/u/provos/honeyd/
  Honeyd - Network Rhapsody for You
http://ojnk.sourceforge.net/stuff/iplog.readme
http://www.insecure.org/nmap/nmap-fingerprinting-article.txt
  nmap-fingerprinting-article
http://ippersonality.sourceforge.net/
  IP Personality - Home
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/kernel.html
  Kernel Options
http://www.stearns.org/p0f/
  p0f file listing
http://www.phoneboy.com/fom-serve/cache/82.html
  PhoneBoy's FireWall-1 FAQs: Blocking queSO packets
http://www.s0ftpj.org/en/site.html
  s0ftpr0ject 2000 Fingerprint Fucker
http://www.innu.org/~sean/
  Security Technologies
http://sourceforge.net/projects/sing
  SourceForge.net: Project Info - SING
http://www.sys-security.com/html/projects/X.html
  Sys-Security.com - Because Security is not Trivial
http://www.usenix.org/publications/library/proceedings/sec2000/smart.html
  USENIX Technical Program - Abstract - Security Symposium - 2000

[1].. HKLM\System\CurrentControlSet\Services\VxD\MSTCP
[2].. HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
[3].. http://oldfaq.phoneboy.com/fom-serve/cache/82.html


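An added illustration, not part of the original messages: the reply's point that a TTL change alone leaves "so many other ways" to identify a host can be seen by parsing the header fields a passive observer compares. The packet bytes, addresses, window size and option layout below are constructed sample values, and `fingerprint_fields`, `build_synack` and `changed_fields` are names made up for this example.

```python
import struct

OPTION_NAMES = {2: "mss", 3: "wscale", 4: "sackOK", 8: "timestamp"}

def fingerprint_fields(packet: bytes) -> dict:
    """Extract the IPv4/TCP header fields a passive observer can compare."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4 TCP packet")
    tcp = packet[(ver_ihl & 0x0F) * 4:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    offset_flags, window = struct.unpack("!HH", tcp[12:16])
    header_len = (offset_flags >> 12) * 4
    if not 20 <= header_len <= len(tcp):
        raise ValueError("bad TCP data offset")
    opts, names, mss, i = tcp[20:header_len], [], None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding is one byte, no length
            names.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        names.append(OPTION_NAMES.get(kind, f"opt{kind}"))
        i += opts[i + 1]
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000), "window": window,
            "mss": mss, "options": ",".join(names)}

def build_synack(ttl: int) -> bytes:
    """Constructed SYN-ACK (documentation addresses, checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 0x1234, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    options = bytes([2, 4, 0x05, 0xB4, 1, 1, 4, 2])   # MSS 1460, NOP, NOP, SACK-permitted
    tcp = struct.pack("!HHIIHHHH", 80, 40000, 1000, 2001, (7 << 12) | 0x012, 17520, 0, 0)
    return ip + tcp + options

def changed_fields(before: dict, after: dict) -> list:
    """Names of fingerprint fields that differ between two observations."""
    return sorted(k for k in before if before[k] != after[k])

if __name__ == "__main__":
    stock, tuned = fingerprint_fields(build_synack(128)), fingerprint_fields(build_synack(64))
    print("changed:", changed_fields(stock, tuned))
    print("still visible:", {k: v for k, v in tuned.items() if k != "ttl"})
```

Only `ttl` differs between the two observations; the DF bit, window size, MSS and option order are untouched, which is why the reply suggests a front-end box or firewall that rewrites or filters packets.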