Honeypots mailing list archives
Re: Faking OS detection
From: "Alan Neville" <aneville () isiclabs com>
Date: Sat, 1 Feb 2003 17:35:04 -0000
Why not just use blackhole, so no one can even nmap your server/workstation? Set the following options, so when you reboot, blackhole is initialized on TCP and UDP ports. This will stop people from nmapping or attempting any type of stealth scan against your system.

-bash-2.05b$ cat /etc/sysctl.conf
# $FreeBSD: src/etc/sysctl.conf,v 1.1.2.3 2002/04/15 00:44:13 dougb Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
-bash-2.05b$

To enable blackhole without a reboot, do the following:

-bash-2.05b$ uname -a
FreeBSD sciaphobia.net 4.7-RELEASE FreeBSD 4.7-RELEASE #0: Sat Jan 11 13:56:50 GMT 2003 alan () sciaphobia net:/usr/src/sys/compile/JESSICA i386
-bash-2.05b$ sysctl -a | grep blackhole
net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 0
-bash-2.05b$ su
Password:
sciaphobia# sysctl -w net.inet.tcp.blackhole=2; sysctl -w net.inet.udp.blackhole=1
net.inet.tcp.blackhole: 0 -> 2
net.inet.udp.blackhole: 0 -> 1
sciaphobia# exit
-bash-2.05b$

Alan

----- Original Message -----
From: "Franck Veysset" <franck.veysset () rd francetelecom com>
To: <leak () blackout ru>; <honeypots () securityfocus com>
Sent: Monday, February 03, 2003 7:57 AM
Subject: Re: Faking OS detection

There was a tool called "FPF" (stands for FingerPrintFucker) that should do what you want:

"BSD FingerPrintFucker is a kld for FreeBSD that changes the TCP/IP stack in order to emulate other OS's against TCP/IP fingerprinting".

But I definitely do not recommend using this kind of tool on a real server!

Hope this helps...

-Franck

leak () blackout ru wrote:

I wonder how I can emulate some OS when somebody scans my box with nmap -O or something else. I'm using FreeBSD on my servers, and currently I block all OS guessing by setting options TCP_DROP_SYNFIN in my kernel. But is it possible to modify TCP/IP stack so it will emulate win2k or linux or something else?

Thanx

--
Franck VEYSSET - France Telecom R&D/DTL/SSR
mailto: franck.veysset () rd francetelecom com
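
Added example, not part of the original thread: the message above sets blackhole in two separate places (/etc/sysctl.conf for boot, sysctl -w for the running kernel), so this sh audit compares both against the values used there. The function names and the saved "sysctl -a" output file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit FreeBSD blackhole settings, boot config vs. running kernel.
# Expected values are the ones used in the message (tcp=2, udp=1).
# blackhole only silences closed ports; listening ports still answer probes.

# conf_value FILE KEY -> last uncommented "KEY=VALUE" in a sysctl.conf-style file
conf_value() {
    sed -e 's/#.*//' "$1" | awk -F= -v k="$2" '
        { key = $1; val = $2
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
          if (key == k) v = val }
        END { print v }'
}

# live_value FILE KEY -> value from saved "sysctl -a" output ("KEY: VALUE")
live_value() {
    awk -v k="$2:" '$1 == k { v = $2 } END { print v }' "$1"
}

# blackhole_audit CONF LIVE -> one status line per key; exit status = problem count
blackhole_audit() {
    problems=0
    for want in net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1; do
        key=${want%%=*}; val=${want#*=}
        boot=$(conf_value "$1" "$key"); live=$(live_value "$2" "$key")
        if [ "$boot" = "$val" ] && [ "$live" = "$val" ]; then
            echo "OK       $key=$val"
        elif [ "$live" = "$val" ]; then
            # set with sysctl -w only: silently reverts at next boot
            echo "NOTBOOT  $key live=$live conf=${boot:-unset}"
            problems=$((problems + 1))
        elif [ "$boot" = "$val" ]; then
            # in sysctl.conf but not applied to the running kernel yet
            echo "NOTLIVE  $key live=${live:-unset} conf=$boot"
            problems=$((problems + 1))
        else
            echo "MISSING  $key live=${live:-unset} conf=${boot:-unset}"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# On the host itself:
#   sysctl -a > /tmp/live.txt && blackhole_audit /etc/sysctl.conf /tmp/live.txt
```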