Nmap Announce mailing list archives
Methods for evading Nmap OS Fingerprinting
From: Fyodor <fyodor () insecure org>
Date: Sun, 9 Mar 2003 15:47:05 -0800
Most of you probably know that several software packages are available which try to defeat Nmap OS fingerprinting. These include Honeyd, IP Personality, the "Stealth Patch", "Fingerprint Fucker", IPlog, etc. Normally, I wouldn't recommend spending your valuable security time trying to obscure your OS. Most companies would be better off working on fundamental security improvements such as applying patches, tightening their firewalls, installing IDS systems, removing unnecessary services and setuid binaries, etc. And sometimes this type of spoofing can actually increase security vulnerability. But OS spoofing can be useful for certain honeynet and research applications, or if you're just feeling bored and ornery enough to disguise your Linux box as an Apple Laserwriter or Sega Dreamcast :). In that vein, David Barroso Berrueta (tomac () somoslopeor com) today announced a new paper entitled "A practical approach for defeating Nmap OS-Fingerprinting." It is available at http://voodoo.somoslopeor.com/papers.php and provides an excellent examination of many of these Nmap deception tools. I certainly recommend it for people interested in this type of thing. Cheers, Fyodor -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Methods for evading Nmap OS Fingerprinting Fyodor (Mar 09)