Nmap Announce mailing list archives

Methods for evading Nmap OS Fingerprinting


From: Fyodor <fyodor () insecure org>
Date: Sun, 9 Mar 2003 15:47:05 -0800

Most of you probably know that several software packages are available
which try to defeat Nmap OS fingerprinting.  These include Honeyd, IP
Personality, the "Stealth Patch", "Fingerprint Fucker", IPlog, etc.
Normally, I wouldn't recommend spending your valuable security time
trying to obscure your OS.  Most companies would be better off working
on fundamental security improvements such as applying patches,
tightening their firewalls, installing IDS systems, removing
unnecessary services and setuid binaries, etc.  And sometimes this
type of spoofing can actually increase security vulnerability.  But OS
spoofing can be useful for certain honeynet and research applications,
or if you're just feeling bored and ornery enough to disguise
your Linux box as an Apple Laserwriter or Sega Dreamcast :).

In that vein, David Barroso Berrueta (tomac () somoslopeor com) today
announced a new paper entitled "A practical approach for defeating
Nmap OS-Fingerprinting."  It is available at
http://voodoo.somoslopeor.com/papers.php and provides an excellent
examination of many of these Nmap deception tools.  I certainly
recommend it for people interested in this type of thing.

Cheers,
Fyodor
