Re: Preventing remote OS detection

[crispin () CSE OGI EDU (Crispin Cowan)]

tqbf wrote:

> You probably can't, at least not without a significant, tedious, and
> error-prone code audit. We've been doing research on OS fingerprinting for
> the past few years, and there are hundreds of different stack-specific
> idiosynchricies.

That being the case, it sounds like the only way to reliably de-fingerprint an
OS is with an electronic pair of gloves:  implement a new stack, and make it
portable across multiple platforms.  Distribute it widely and support it, to get
lots of different kinds of systems to use it.  Now people can still finger-print
your "glove" stack, but they can't tell what OS it's running on.

Of course, this is lots & lots of work, requires political buy-in from the
leaders of diverse projects like Linux, *BSD, and Windows :-), and is of
questionable value.  I'd rather spend my time making my system of choice more
secure than working that hard to obscure my system of choice.

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

                 Support Justice:  Boycott Windows 98