Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: An Embryonic Counterintelligence Tool

From: vanja () RELAYGROUP COM (Vanja Hrustic)
Date: Wed, 19 Jan 2000 02:15:31 +0700

"Stephen P. Berry" wrote:

Several months ago, I asked if anyone knew of any tools (or projects
to produce tools) that present an aribitrarily-chosen TCP fingerprint
to a scanner.  I had been fiddling around with such a thing, and
was curious if there were any similar widgets already in
a `finished product' state.


I know that IPLog can fool nMap OS finterprinting. I've just tested it
for 10 minutes (V2.0), and I can confirm that it indeed managed to fool
nMap. I don't use that tool, so I can't provide more information. You
can get it at:

http://ojnk.sourceforge.net/

Another thing that you might want to take a look at is - Snort. But take
a look at beta (development) version. By creating proper rule (or/and
using spp_portscanner preprocessor), you might 'catch' an OS
fingerprinting attempt, and send the RST (or you can decide what you
want to do with the connection by yourself). I did not try this, but I
presume that it will at least 'confuse' the fingerprinting process.
Might be worth trying :)

Snort is available at:

http://www.clark.net/~roesch/security.html

There, you will find more information about getting the latest version
from the CVS.

Hope this helps.

--

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time
Previous By Date Next
Previous By Thread Next

Current thread: