Nmap Development mailing list archives
Re: faking windows
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 01 Nov 2013 09:17:46 -0500
On 11/01/2013 05:55 AM, Robin Wood wrote:
I'm building a network for students to practice network mapping. I'm probably going to be using Linux KVM to create the machines so when scanned they will all come back as Linux boxes, is there any easy way to have a Linux box pretend to be various versions of Windows? The students will be probably not be using more than basic scanning and I'm going to do the application level faking with things like web servers pretending to be IIS so all I need is the OS level changes that I'd need to make. Anyone got any tips on this? Robin _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/ .
Robin,Setting your default TTL (/proc/sys/net/ipv4/ip_default_ttl) to 128 will make it look enough like windows that Nmap is completely confused and fails to give an OS match. With --osscan-guess, though, it shows 96% correct match for Linux 2.6.32-3.6.
I tried tracking down other tuning values that could improve the "fakeness" here, but nothing came close. Chances are that your students will not bother with --osscan-guess, and this will be sufficient to preserve the illusion.
Dan _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- faking windows Robin Wood (Nov 01)
- Re: faking windows Xavier Mertens (Nov 01)
- Re: faking windows Robin Wood (Nov 01)
- Re: faking windows Ricardo David Carrillo Sanchez (Nov 01)
- Re: faking windows Robin Wood (Nov 01)
- Re: faking windows Robin Wood (Nov 01)
- Re: faking windows Xavier Mertens (Nov 01)
- Re: faking windows Dario Ciccarone (Nov 01)
- Re: faking windows Robin Wood (Nov 01)
- Re: faking windows Daniel Miller (Nov 01)
- Re: faking windows Robin Wood (Nov 01)