Bugtraq mailing list archives

Preventing remote OS detection


From: gilbert () pgci ca (Patrick Gilbert)
Date: Mon, 22 Feb 1999 11:55:43 -0500


A technique exists to determine a remote operating system by sending
obscure tcp packets and analyzing the response. Two utilities known as
queso and nmap can determine with enough precision your operating
system. This has been known for quite some time, but I haven't seen
much on how to prevent it.

There are many other ways to determine the operating system as well,
most of which are described in a fairly recent phrack article (number 54
if I am correct) by fyodor, and are addressed in the article mentioned
below.

How can we mask our operating system from these tcp/ip stack
fingerprinting tools while still being functional?

This module is particularly useful for bastioned hosts in front of the
corporate firewall who run public services such as mail, ftp and http,
and cannot filter incoming connections.

The answer can be found in the latest security improvement module at:

http://www.pgci.ca/fingerprint.html

As always, comments and suggestions are welcome.

Cheers,
Patrick

--
Patrick Gilbert                                     +1 (514) 865-9178
CEO, PGCI                                          http://www.pgci.ca
Montreal (QC), Canada CE AB B2 18 E0 FE C4 33  0D 9A AC 18 30 1F D9 1A


