Nmap Announce mailing list archives
Re: Fingerprint?
From: //Stany <stany () pet notbsd org>
Date: Tue, 5 Jan 1999 19:18:38 -0500 (EST)
On Tue, 5 Jan 1999, Takacs Istvan wrote:
Where can I find any document about the OS's fingerprinting?
Well, the article that Fyodor has on his site http://www.insecure.org/nmap/nmap_doc.html is pretty extensive. You might also want to read the phrack article that have appeared in phrack 54 and catch up on your bugtraq reading. Also you might want to look at the source of queso and nmap.
I manage some web servers, and I don't want to enable this kind of scanning. Or could you offer any method to disable this 'feature' in the OS level?
I afraid not, although you can try recompiling your kernel (if your OS has kernel source available) with some modifications to the networking code to imitate that your OS is different from what it is in fact. Alternatively I have heard that there is a way under Solaris to poke some values in the kernel with ndd to change some of the responces to nmap quieries, but I have not heard from that person again (anyone knows more?) As the knowing of the remote OS is rather useless withgout a daemon to exploit to gain a remote entry (at least to most crackers), if you are running Linux or BSD, I can recommend running it one one of the less commonly used platforms. In my tests both ARMLinux (On Corel NetWinder, kernel 2.0.31 on builds 3-10, and kernel 2.0.35 on build 12) and SPARCLinux (On SS10-612, running RH 5.1-5.2 SPARC) were detected correctly by nmap as Linux 2.0.3x, but average person would most probably assume that the hardware that is used is Intel (And besides how many crackers know SPARC or ARM assembly or can obtain ready shellcodes? Way lesser number of people then those who can do Intel assembly) based. Alternatively you most probably could build a proxy-firewall, which will be a single secure machine with little on it other then firewalling rules and ability to relay the requests to firewalled web servers and relay back the responces. Again, my experience is with Solaris and Linux, and I know that this is not that complicated under latter. If you have found a way that works and that I have overlooked, I would be very interested to hear about it.
Thanks a lot!
Best of luck.
Regards, Istvan
//Stany -- +-----------------------------------------------------------------------------+ | Stanislav N. Vardomskiy - Procurator Odiosus Ex Infernis[TM] | | This message is brought to you by letters jey, ow, el and tee. | | Jolt! For all the sugar and twice the caffeine. | +-----------------------------------------------------------------------------+
Current thread:
- Fingerprint? Takacs Istvan (Jan 05)
- Re: Fingerprint? //Stany (Jan 05)
- Re: Fingerprint? Takacs Istvan (Jan 06)
- Detected NMAP scan Lamont Granquist (Jan 06)
- Re: Fingerprint? Takacs Istvan (Jan 06)
- Re: Fingerprint? //Stany (Jan 05)