Security Basics mailing list archives

Re: avoiding detection by netcraft site


From: dan.crowley () gmail com
Date: 22 Dec 2008 16:11:51 -0000

There are several OS fingerprinting methods out there currently, the most common of which are banner grabbing and 
fingerprinting at the network level, using the characteristics of the OS's TCP/IP stack.

I don't know which netcraft is using, but it's most likely one of those two, and they will probably keep the results 
cached, so if netcraft has a record of your site, they'll probably have it for a while.

Depending on what OS you're running, there are a couple of different tools you can use to fool TCP/IP stack 
fingerprinting. Try one of these:
IP Personality (Linux, BSD)
Security Cloak (Windows)
Fingerprint Fucker (Linux)
Sealing Wafter (BSD)

As for banner grabbing, you need to change the way the application reports itself. Your server may be giving out its OS 
identity to every host that connects. This is usually trivial to change in the config files.

Good luck!

(Also, this is a shameless plug, but if you'd like to learn about an alternative approach to OS fingerprinting, check 
out my research paper on the subject... http://www.x10security.org/appOSfingerprint.pdf)
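
The banner-grabbing point in the message above, seen from the server owner's side, as an added example that is not part of the original post: a small Python check that parses an HTTP response head and lists every OS name or product/version token exposed in banner headers. The header list, the OS token list and both sample responses are assumptions constructed for illustration.

```python
import re

# Headers that commonly carry a software banner (assumed list, not exhaustive).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")

# OS names that often show up inside banners (illustrative, not exhaustive).
OS_TOKENS = re.compile(
    r"\b(win32|win64|windows|unix|linux|debian|ubuntu|centos|red hat|fedora|"
    r"suse|freebsd|openbsd|netbsd|solaris|darwin)\b", re.I)
# product/version pairs such as Apache/2.2.3
VERSION = re.compile(r"\b[\w.-]+/\d+(?:\.\d+)+")

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_banner(raw):
    """List (header, kind, token) findings for OS or version disclosure."""
    findings = []
    for name, value in parse_headers(raw).items():
        if name not in BANNER_HEADERS:
            continue
        for m in OS_TOKENS.finditer(value):
            findings.append((name, "os", m.group(0)))
        for m in VERSION.finditer(value):
            findings.append((name, "version", m.group(0)))
    return findings

# Constructed sample responses (not captured from any real host).
VERBOSE = ("HTTP/1.1 200 OK\r\n"
           "Server: Apache/2.2.3 (CentOS) PHP/5.1.6\r\n"
           "X-Powered-By: PHP/5.1.6\r\n"
           "Content-Type: text/html\r\n\r\n<html></html>")
# The same server after its banner has been reduced in the config files.
TRIMMED = ("HTTP/1.1 200 OK\r\n"
           "Server: Apache\r\n"
           "Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("trimmed", TRIMMED)):
        print(label, audit_banner(raw))
```

An empty result only means the application banner no longer names the OS or version; it says nothing about fingerprinting at the TCP/IP stack level, which the message treats separately.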

