Penetration Testing mailing list archives
Block OS Detection
From: "Jon DeShirley" <intrinsic () gmail com>
Date: Mon, 3 Sep 2007 10:51:51 -0700
Changing default stack values will give you a little bit of protection from OS fingerprinting, but there are usually other identifiers that will give your stack away. Dropping SYN+FIN, altering default TCL TTL values, changing the default TCP window size, and a few other things will fool a passive OS fingerprint. A few of the techniques are documented here: http://www.zog.net/Docs/nmap.html . But this is all moot, unless you go through all your service banners to sanitize them and block all default services (ie: Active Directory, Linuxconf, or ToolTalk) that would give your platform away. On 8/31/07, Attari Attari <c70n3 () yahoo co in> wrote:
Is there a PRACTICAL solution from PRODUCTION environments that can be used to block OS detection from tools like NMAP? I googled and read some notes but couldn't find a real world solution to blocking Windows & Linux OS detection.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Block OS Detection Gadi Evron (Sep 01)
- Re: Block OS Detection Jonathan Yu (Sep 01)
- RE: Block OS Detection Ofer Shezaf (Sep 04)
- RE: Block OS Detection Gadi Evron (Sep 04)
- RE: Block OS Detection Gadi Evron (Sep 04)
- RE: Block OS Detection Philippe Bogaerts (Sep 04)
- <Possible follow-ups>
- Re: Block OS Detection Dotzero (Sep 04)
- Block OS Detection Jon DeShirley (Sep 04)
- Re: Block OS Detection Joxean Koret (Sep 04)
- Re: Block OS Detection Robert E. Lee (Sep 05)
- Re: Block OS Detection Gadi Evron (Sep 05)
- Re: Block OS Detection sami seclist (Sep 04)
- RE: Block OS Detection Andrew Court (Sep 04)
- RE: Block OS Detection alan (Sep 04)
- RE: Block OS Detection Strykar (Sep 05)
- Re: Block OS Detection John Brazel (Sep 05)
- RE: Block OS Detection Arafat M. Bique (Sep 05)
- Re: Block OS Detection vtlists (Sep 05)
- RE: Block OS Detection Arafat M. Bique (Sep 05)