Nmap Announce mailing list archives
Re: OS Detection Question
From: Fyodor <fyodor () insecure org>
Date: Wed, 3 May 2000 17:52:26 -0700 (PDT)
On Wed, 3 May 2000, John Turner wrote:
Is there a way to completely fool (or block) OS detection from scanners (like nmap, queso, etc.) using the Linux OS? What about Windoze?
Yes, it is actually pretty easy. Just change one of the values they look for (like initial window size) -- see http://www.insecure.org/nmap/nmap-fingerprinting-article.html . Nmap does not make a "best guess". It requires everything in the fingerprint to match a nmap-os-fingerprints template before it gives a positive result. Otherwise it says "none found". So if you change one attribute on your machine to something not found in the wild, Nmap will give a "not found" result. However, a skilled user will be able to look at the returned fingerprint, compare it to those in nmap-os-fingerprints, and probably figure out what you have changed and what OS you are running. Admittedly, Nmap could also make a "best guess" at the OS by finding and reporting the fingerprint which most closely resembles the one detected. Maybe I'll add an option to do that. But there are two problems with guessing by default: 1) When a (normal) machine does not match any fingerprints, it is very useful for people to report the fingerprint. If Nmap "guesses" (especially if the guess is correct or only off by a version number), people are far less likely to report the fingerprint. 2) Obviously a guess increases the chance of a false positive. It is often better to say "I don't know the OS" than to guess and be wrong. Cheers, Fyodor -- Fyodor 'finger pgp () pgp insecure org | pgp -fka' Frustrated by firewalls? Try nmap: http://www.insecure.org/nmap/ "Hacking is not about answers. Hacking is about the path you take to find the answers." --ReDragon
Current thread:
- OS Detection Question John Turner (May 03)
- Re: OS Detection Question Fyodor (May 03)
- Re: OS Detection Question Bruno Morisson (May 03)
- Re: OS Detection Question Saint skullY the Dazed (May 03)
- Re: OS Detection Question Marco Belmonte (May 04)
- Re: OS Detection Question Mr. Man (May 04)
- Re: OS Detection Question Cameron Palmer (May 05)
- Re: OS Detection Question Mr. Man (May 05)
- Re: OS Detection Question Fyodor (May 07)
- Re: Nmap vs DTK ? Nicodimus (May 11)
- Re: OS Detection Question Saint skullY the Dazed (May 04)
- Re: OS Detection Question Brian Kifiak (May 04)