Nmap Development mailing list archives

Re: faking windows

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 01 Nov 2013 09:17:46 -0500

On 11/01/2013 05:55 AM, Robin Wood wrote:

I'm building a network for students to practice network mapping. I'm
probably going to be using Linux KVM to create the machines so when
scanned they will all come back as Linux boxes, is there any easy way
to have a Linux box pretend to be various versions of Windows?

The students will be probably not be using more than basic scanning
and I'm going to do the application level faking with things like web
servers pretending to be IIS so all I need is the OS level changes
that I'd need to make. Anyone got any tips on this?

Robin
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
.

Robin,

Setting your default TTL (/proc/sys/net/ipv4/ip_default_ttl) to 128 willmake it look enough like windows that Nmap is completely confused andfails to give an OS match. With --osscan-guess, though, it shows 96%correct match for Linux 2.6.32-3.6.

I tried tracking down other tuning values that could improve the"fakeness" here, but nothing came close. Chances are that your studentswill not bother with --osscan-guess, and this will be sufficient topreserve the illusion.


Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

faking windows Robin Wood (Nov 01)
- Re: faking windows Xavier Mertens (Nov 01)
  - Re: faking windows Robin Wood (Nov 01)
    - Re: faking windows Ricardo David Carrillo Sanchez (Nov 01)
    - Re: faking windows Robin Wood (Nov 01)
- Re: faking windows Dario Ciccarone (Nov 01)
  - Re: faking windows Robin Wood (Nov 01)
- Re: faking windows Daniel Miller (Nov 01)
  - Re: faking windows Robin Wood (Nov 01)