Honeypots mailing list archives
RE: Faking OS detection
From: "Alberto Gonzalez" <albertg () cerebro wwjh net>
Date: Sat, 1 Feb 2003 10:08:13 -0800
You might want to check out honeyd[1]. It does what you're looking for. Also,
you should drop other irregular TCP flag combinations, not just syn/fin.

Hope That Helps.

Cheers!

Alberto Gonzalez

[1] - http://www.citi.umich.edu/u/provos/honeyd/

---
"The secret to success is to start from scratch and keep on scratching.

-----Original Message-----
From: leak () blackout ru [mailto:leak () blackout ru]
Sent: Friday, January 31, 2003 6:45 PM
To: honeypots () securityfocus com
Subject: Faking OS detection

I wonder how I can emulate some OS when somebody scans my box with nmap -O
or something else. I'm using FreeBSD on my servers, and currently I block all
OS guessing by setting options TCP_DROP_SYNFIN in my kernel. But is it
possible to modify the TCP/IP stack so it will emulate win2k or linux or
something else?

Thanx

--
// undef
// i code. therefore i am.
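
The reply's advice to drop irregular TCP flag combinations beyond SYN/FIN, sketched as an added example that is not part of the original thread and is not honeyd or FreeBSD code. The function names and the exact drop policy are assumptions chosen for illustration, and the sample segments are constructed.

```python
import struct

# TCP flag bits, byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(segment: bytes) -> int:
    """Extract the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F  # ignore the ECN bits (ECE/CWR)

def irregular(flags: int):
    """Return a reason if normal TCP never sends this combination, else None.

    Assumed policy for this example, not taken from honeyd or the FreeBSD kernel.
    """
    if flags == 0:
        return "null"
    for a, b, name in ((SYN, FIN, "SYN+FIN"), (SYN, RST, "SYN+RST"),
                       (FIN, RST, "FIN+RST")):
        if flags & a and flags & b:
            return name
    # Without ACK, only a bare SYN (connection open) or a bare RST is expected.
    if not flags & ACK and flags not in (SYN, RST):
        return "no ACK"
    return None

def make_segment(flags: int) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flag byte."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)

def verdicts(segments):
    """Map each raw segment to 'pass' or 'drop: <reason>'."""
    out = []
    for seg in segments:
        reason = irregular(tcp_flags(seg))
        out.append("pass" if reason is None else "drop: " + reason)
    return out

# Constructed samples: ordinary handshake/teardown flags, then irregular ones.
SAMPLES = [make_segment(f) for f in (
    SYN, SYN | ACK, PSH | ACK, FIN | ACK, RST,
    SYN | FIN, 0, FIN, FIN | PSH | URG, SYN | FIN | PSH | URG)]

if __name__ == "__main__":
    for seg, verdict in zip(SAMPLES, verdicts(SAMPLES)):
        print(f"flags=0x{tcp_flags(seg):02x} {verdict}")
```
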