Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Faking OS fingerprinting in Windows

From: "Burton Strauss" <BStrauss3 () comcast net>
Date: Tue, 14 Jun 2005 15:33:31 -0500
Sure - it's all but trivial to disguise yourself.

Simplest way?  Put a router in the path with an odd MSS - it will cause a
lot of fragmentation, and that's one of the things most fingerprints include
- check out ettercap (http://ettercap.sourceforge.net/).

-----Burton 

-----Original Message-----
From: Christian Wendell Gueco [mailto:velox () consultant com] 
Sent: Sunday, June 12, 2005 11:49 PM
To: security-basics () securityfocus com
Subject: Faking OS fingerprinting in Windows

Hello,

While doing an OS fingerprint to a client using nmap, the system was
fingerprinted to :

Panasonic IP Technology Broadband Networking Gateway, KX-HGW200

I am assuming that this results are caused by a IP stack manipulation tool
of some sort running on a Windows platform since this server has an ASP
website hosted. I would like to ask on any tools that runs on Windows that
can perform such a task. I have research such tools but all of them run on
Linux systems.

Another thing to assume, is it possible that a device prior to the server
(i.e. inline IDS or firewall) is capable of manipulation the IP Personality
(i.e. its header values incl TCP) to mislead any OS fingerprinting
mechanism. Are there such features on opensource and commercial devices?

Any information is gladly appreciated. Thanks!

- velox

====================================
Certified Geek
Email: velox_at_consultant_dot_com



--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
Previous By Date Next
Previous By Thread Next

Current thread: