RE: Block OS Detection

["Philippe Bogaerts" <xxradar () radarhack com>]

Hi,

Some (expensive) commercial firewalls have some protection mechanisms in
place. 
In general, a statefull firewall, will stop a bunch of NMAP probes as well
as most ICMP tricks.
Some firewalls have SYN, IP TLL and ID randomization features on board.

Regards



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Gadi Evron
Sent: Sunday, September 02, 2007 11:04 PM
To: Ofer Shezaf
Cc: Attari Attari; pen-test () securityfocus com;
pen-test-return-1078485025 () securityfocus com
Subject: RE: Block OS Detection

On Sun, 2 Sep 2007, Ofer Shezaf wrote:
> Reverse proxy? So at least for web servers you have a simple solution.
> You might be able to reverse proxy few other protocols.
>
> ~ Ofer Shezaf

Overwriting values is not going to stop many of the different detection 
methods. As mentioned - just one thingie.

Me? I just change banners.


> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Gadi Evron
> > Sent: Saturday, September 01, 2007 11:08 AM
> > To: Attari Attari
> > Cc: pen-test () securityfocus com; pen-test-return-
> > 1078485025 () securityfocus com
> > Subject: Re: Block OS Detection
> >
> > Not everything is good, but you can overwrite different packet values
> > using.. a firewall for example.
> >
> > Just one thingie.
> >
> >
> > On Fri, 31 Aug 2007, Attari Attari wrote:
> >
> > > Hello All:
> > >
> > > Is there a PRACTICAL solution from PRODUCTION
> > > environments that can be used to block OS detection
> > > from tools like NMAP? I googled and read some notes
> > > but couldn't find a real world solution to blocking
> > > Windows & Linux OS detection.
> > >
> > > I'm quite sure I'll get the right inputs here.
> > >
> > > Thank you.
> > >
> > > Attari
> > >
> > >
> > >      Unlimited freedom, unlimited storage. Get it now, on
> > http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/
> > >
> ---------------------------------------------------------------------
> > ---
> > > This list is sponsored by: Cenzic
> > >
> > > Need to secure your web apps NOW?
> > > Cenzic finds more, "real" vulnerabilities fast.
> > > Click to try it, buy it or download a solution FREE today!
> > >
> > > http://www.cenzic.com/downloads
> ---------------------------------------------------------------------
> > ---
> > >
> -----------------------------------------------------------------------
> > -
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> -----------------------------------------------------------------------
> > -

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------