Honeypots mailing list archives

Re: Faking OS detection

From: Franck Veysset <franck.veysset () rd francetelecom com>
Date: Mon, 03 Feb 2003 08:57:29 +0100

There was a tool call "FPF" (stands for FingerPrintFucker) that should
do what you want :
"BSD FingerPrintFucker is a kld for FreeBSD that changes the TCP/IP
stack in order to emulate other OS's against TCP/IP fingerprinting".

But I definitively not recommand using those kind of tool on a real
server !
Hope this help...

-Franck


leak () blackout ru wrote:

I wonder how i can emulate some OS when somebody scans my box with
nmap -O or something else.
Im using FreeBSD on my servers, and currently i block all OS guessing
by setting
options TCP_DROP_SYNFIN in my kernel.

But is it possible to modify TCP/IP stack so it will emulate win2k or
linux or something else?

Thanx




--
Franck VEYSSET  - France Telecom R&D/DTL/SSR
mailto: franck.veysset () rd francetelecom com

Current thread:

Faking OS detection leak (Feb 01)
- Re: Faking OS detection mike (Feb 01)
- RE: Faking OS detection Alberto Gonzalez (Feb 01)
- Re: Faking OS detection Hendrik Scholz (Feb 01)
- Re: Faking OS detection Shafik Yaghmour (Feb 01)
- Re: Faking OS detection Franck Veysset (Feb 03)
  - Re: Faking OS detection Alan Neville (Feb 03)