Honeypots mailing list archives

RE: Faking OS detection


From: "Alberto Gonzalez" <albertg () cerebro wwjh net>
Date: Sat, 1 Feb 2003 10:08:13 -0800

You might want to check out honeyd[1]. It does what you're looking for. 
Also, you should drop other irregular TCP flag combinations, not just
syn/fin. Hope That Helps.

Cheers!
        Alberto Gonzalez

[1] - http://www.citi.umich.edu/u/provos/honeyd/


---
"The secret to success is to start from scratch and keep on scratching. 
 

-----Original Message-----
From: leak () blackout ru [mailto:leak () blackout ru] 
Sent: Friday, January 31, 2003 6:45 PM
To: honeypots () securityfocus com
Subject: Faking OS detection


I wonder how I can emulate some OS when somebody scans my box with
nmap -O or something else.
I'm using FreeBSD on my servers, and currently I block all OS guessing
by setting
options TCP_DROP_SYNFIN in my kernel.

But is it possible to modify the TCP/IP stack so it will emulate win2k or
linux or something else?

Thanks

-- 
// undef
// i code. therefore i am.
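
The reply's advice to drop irregular TCP flag combinations beyond SYN/FIN can be sketched as a flag-byte check. This is an added example, not part of the thread and not code from honeyd or the FreeBSD kernel; the function names and the rule set are assumptions, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bits of the TCP header flags byte (RFC 793). ECE/CWR (RFC 3168) are ignored. */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04,
       F_PSH = 0x08, F_ACK = 0x10, F_URG = 0x20 };

/* Hypothetical helper: returns NULL when the combination is one a normal
 * stack emits, otherwise a short reason why the segment should be dropped. */
const char *irregular_flags(uint8_t raw)
{
    uint8_t f = raw & 0x3f;                 /* mask off ECE and CWR */

    if (f == 0)
        return "no flags set (null segment)";
    if ((f & F_SYN) && (f & F_FIN))
        return "SYN+FIN";                   /* the case TCP_DROP_SYNFIN covers */
    if ((f & F_SYN) && (f & F_RST))
        return "SYN+RST";
    if ((f & F_FIN) && (f & F_RST))
        return "FIN+RST";
    /* Apart from the initial SYN and a bare RST, every segment carries ACK. */
    if (!(f & (F_ACK | F_SYN | F_RST)))
        return "FIN/PSH/URG without ACK";
    return NULL;
}

/* Counts how many flag bytes in a batch would be dropped. */
size_t count_irregular(const uint8_t *flags, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (irregular_flags(flags[i]) != NULL)
            hits++;
    return hits;
}

int main(void)
{
    /* Constructed sample flag bytes, not captured traffic. */
    static const uint8_t sample[] = { 0x02, 0x12, 0x10, 0x18, 0x11,
                                      0x04, 0x03, 0x00, 0x29, 0x06 };
    for (size_t i = 0; i < sizeof sample; i++) {
        const char *why = irregular_flags(sample[i]);
        printf("0x%02x  %s\n", (unsigned)sample[i], why ? why : "pass");
    }
    return 0;
}
```
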

