Nmap Announce mailing list archives
Re: Intrusion detection question.
From: Vanja Hrustic <vanja () relaygroup com>
Date: Thu, 10 Feb 2000 07:52:56 +0700
Daniel Swan wrote:
Ps. FYI, I saw in one of the security NG's today that a Linux kernel patch has been released that is designed to confuse fingerprinting.
Now that you mention this... So far, I've seen 2 more or less "reliable" techniques (on UNIX) to confuse the fingerprinting. 1) Patching the kernel (at least, when we talk about Linux - don't know how feasable it is for other OSs), but it might break things (modifying kernel in order to "beat" one or two apps is a "bad thing (tm)", me thinks) 2) Usage of 'snort' or 'IPLog' in order to detect the fingerprinting attempt, and respond to it (snort needs to be compiled with 'flexresp' feature for this to work) Does anybody have more examples on how to trick nMap fingerprinting (UNIX examples, if possible)? Thanks. -- Vanja Hrustic The Relay Group http://relaygroup.com Technology Ahead of Time
Current thread:
- Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Jose Nazario (Feb 10)
- fooling nmap Bep Verberk (Feb 10)
- Re: fooling nmap Lance Spitzner (Feb 10)
- Re: fooling nmap CyberPsychotic (Feb 11)
- Re: fooling nmap Vanja Hrustic (Feb 11)
- Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
- Re: Intrusion detection question. Tomi Ollila (Feb 10)
- Re: Intrusion detection question. Michel Arboi (Feb 14)
- Re: Intrusion detection question. Tomi Ollila (Feb 21)