Re: faking windows

[Robin Wood <robin () digininja org>]

On 1 November 2013 14:17, Daniel Miller <bonsaiviking () gmail com> wrote:
> On 11/01/2013 05:55 AM, Robin Wood wrote:
> > I'm building a network for students to practice network mapping. I'm
> > probably going to be using Linux KVM to create the machines so when
> > scanned they will all come back as Linux boxes, is there any easy way
> > to have a Linux box pretend to be various versions of Windows?
> >
> > The students will be probably not be using more than basic scanning
> > and I'm going to do the application level faking with things like web
> > servers pretending to be IIS so all I need is the OS level changes
> > that I'd need to make. Anyone got any tips on this?
> >
> > Robin
> > _______________________________________________
> > Sent through the dev mailing list
> > http://nmap.org/mailman/listinfo/dev
> > Archived at http://seclists.org/nmap-dev/
> > .
> Robin,
>
> Setting your default TTL (/proc/sys/net/ipv4/ip_default_ttl) to 128 will
> make it look enough like windows that Nmap is completely confused and fails
> to give an OS match. With --osscan-guess, though, it shows 96% correct match
> for Linux 2.6.32-3.6.
>
> I tried tracking down other tuning values that could improve the "fakeness"
> here, but nothing came close. Chances are that your students will not bother
> with --osscan-guess, and this will be sufficient to preserve the illusion.
>
> Dan

I'll give it a try but ideally I want it to come back with Windows
version Blah for some boxes.

Robin
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/