Nmap Announce mailing list archives
Preventing remote OS detection (fwd)
From: hal <hcking () acssun pstcc cc tn us>
Date: Tue, 23 Feb 1999 07:39:32 -0500 (EST)
Thought that this might be of interest...

hal
hcking () acssun pstcc cc tn us
Any sufficiently advanced bug is indistinguishable from a feature.

---------- Forwarded message ----------
Date: Mon, 22 Feb 1999 11:55:43 -0500
From: Patrick Gilbert <gilbert () PGCI CA>
Reply-To: info () PGCI CA
To: BUGTRAQ () netspace org
Subject: Preventing remote OS detection

A technique exists to determine a remote operating system by sending obscure tcp packets and analyzing the response. Two utilities known as queso and nmap can determine with enough precision your operating system. This has been known for quite some time, but I haven't seen much on how to prevent it.

There are many other ways to determine the operating system as well, most of which are described in a fairly recent phrack article (number 54 if I am correct) by fyodor, and are addressed in the article mentioned below.

How can we mask our operating system from these tcp/ip stack fingerprinting tools while still being functional? This module is particularly useful for bastioned hosts in front of the corporate firewall who run public services such as mail, ftp and http, and cannot filter incoming connections.

The answer can be found in the latest security improvement module at:

http://www.pgci.ca/fingerprint.html

As always, comments and suggestions are welcome.

Cheers,
Patrick

--
Patrick Gilbert                 +1 (514) 865-9178
CEO, PGCI                       http://www.pgci.ca
Montreal (QC), Canada           CE AB B2 18 E0 FE C4 33 0D 9A AC 18 30 1F D9 1A