Penetration Testing mailing list archives
RE: Block OS Detection
From: "Philippe Bogaerts" <xxradar () radarhack com>
Date: Tue, 4 Sep 2007 20:45:06 +0200
Hi, Some (expensive) commercial firewalls have some protection mechanisms in place. In general, a statefull firewall, will stop a bunch of NMAP probes as well as most ICMP tricks. Some firewalls have SYN, IP TLL and ID randomization features on board. Regards -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gadi Evron Sent: Sunday, September 02, 2007 11:04 PM To: Ofer Shezaf Cc: Attari Attari; pen-test () securityfocus com; pen-test-return-1078485025 () securityfocus com Subject: RE: Block OS Detection On Sun, 2 Sep 2007, Ofer Shezaf wrote:
Reverse proxy? So at least for web servers you have a simple solution. You might be able to reverse proxy few other protocols. ~ Ofer Shezaf
Overwriting values is not going to stop many of the different detection methods. As mentioned - just one thingie. Me? I just change banners.
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gadi Evron Sent: Saturday, September 01, 2007 11:08 AM To: Attari Attari Cc: pen-test () securityfocus com; pen-test-return- 1078485025 () securityfocus com Subject: Re: Block OS Detection Not everything is good, but you can overwrite different packet values using.. a firewall for example. Just one thingie. On Fri, 31 Aug 2007, Attari Attari wrote:Hello All: Is there a PRACTICAL solution from PRODUCTION environments that can be used to block OS detection from tools like NMAP? I googled and read some notes but couldn't find a real world solution to blocking Windows & Linux OS detection. I'm quite sure I'll get the right inputs here. Thank you. Attari Unlimited freedom, unlimited storage. Get it now, onhttp://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/------------------------------------------------------------------------This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Block OS Detection Gadi Evron (Sep 01)
- Re: Block OS Detection Jonathan Yu (Sep 01)
- RE: Block OS Detection Ofer Shezaf (Sep 04)
- RE: Block OS Detection Gadi Evron (Sep 04)
- RE: Block OS Detection Gadi Evron (Sep 04)
- RE: Block OS Detection Philippe Bogaerts (Sep 04)
- <Possible follow-ups>
- Re: Block OS Detection Dotzero (Sep 04)
- Block OS Detection Jon DeShirley (Sep 04)
- Re: Block OS Detection Joxean Koret (Sep 04)
- Re: Block OS Detection Robert E. Lee (Sep 05)
- Re: Block OS Detection Gadi Evron (Sep 05)
- Re: Block OS Detection sami seclist (Sep 04)
- RE: Block OS Detection Andrew Court (Sep 04)
- RE: Block OS Detection alan (Sep 04)
- RE: Block OS Detection Strykar (Sep 05)
- Re: Block OS Detection John Brazel (Sep 05)
(Thread continues...)