Security Basics mailing list archives
Re: avoiding detection by netcraft site
From: dan.crowley () gmail com
Date: 22 Dec 2008 16:11:51 -0000
There are several OS fingerprinting methods out there currently, the most common of which are banner grabbing and fingerprinting at the network level, using the characteristics of the OS's TCP/IP stack. I don't know which netcraft is using, but it's most likely one of those two, and they will probably keep the results cached, so if netcraft has a record of your site, they'll probably have it for a while. Dependant on what OS you're running, there are a couple of different tools you can use to fool TCP/IP stack fingerprinting. Try one of these: IP Personality (Linux, BSD) Security Cloak (Windows) Fingerprint Fucker (Linux) Sealing Wafter (BSD) As for banner grabbing, you need to change the way the application reports itself. Your server may be giving out its OS identity to every host that connects. This is usually trivial to change in the config files. Good luck! (Also, this is a shameless plug, but if you'd like to learn about an alternative approach to OS fingerprinting, check out my research paper on the subject... http://www.x10security.org/appOSfingerprint.pdf)
Current thread:
- avoiding detection by netcraft site Juan B (Dec 18)
- Re: avoiding detection by netcraft site Patrick Webster (Dec 19)
- Re: avoiding detection by netcraft site Marc-André Laverdière (Dec 19)
- Re: avoiding detection by netcraft site J5 (Dec 22)
- RE: avoiding detection by netcraft site Dan Denton (Dec 22)
- Re: avoiding detection by netcraft site J5 (Dec 22)
- Re: avoiding detection by netcraft site Nikhil Wagholikar (Dec 23)
- <Possible follow-ups>
- Re: avoiding detection by netcraft site dan . crowley (Dec 22)