PaulDotCom mailing list archives

Re: spoofing another machine's fingerprints


From: Joshua Wright <jwright () hasborg com>
Date: Fri, 30 Aug 2013 09:19:53 -0400

Hi Robin,

On Aug 29, 2013, at 6:57 PM, Robin Wood <robin () digininja org> wrote:

> As I asked about recently, I'll soon be testing a NAC type device and so I was wondering, is there a tool which will 
> let me watch a device then clone its network fingerprint? By fingerprint I mean things like network settings such as 
> TTLs but also open ports (probably couldn't spoof the service but at least open the port).
>
> I know there is a tool that is designed to fool attackers by having a list of different OS's and you choose which you 
> want to pretend to be but rather than pick from a list I want to be able to point it at another machine and say 
> "clone that".

I don't think that exists.  When I want to evade NAC systems, I usually start with a Scapy-generated 3-way handshake 
that mimics an iPad or other device that I put together manually.

> If a tool doesn't exist, and I don't think it will, can someone remind me of the name of the tool I described above 
> and I'll have a look see if that can be modified.

I think you mean OSFuscate by Irongeek: 
http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools.

-Josh