PaulDotCom mailing list archives
Re: spoofing another machine's fingerprints
From: Robin Wood <robin () digininja org>
Date: Fri, 30 Aug 2013 15:04:39 +0100
On 30 August 2013 14:19, Joshua Wright <jwright () hasborg com> wrote:
Hi Robin, On Aug 29, 2013, at 6:57 PM, Robin Wood <robin () digininja org> wrote:As I asked about recently, I'll soon be testing a NAC type device and soI was wondering, is there a tool which will let me watch a device then clone its network fingerprint? By fingerprint I mean things like network settings such as TTLs but also open ports (probably couldn't spoof the service but at least open the port).I know there is a tool that is designed to fool attackers by having alist of different OS's and you chose which you want to pretend to be but rather than pick from a list I want to be able to point it at another machine and say "clone that". I don't think that exists. When I want to evade NAC systems, I usually start with a Scapy-generated 3-way handshake that mimic's an iPad or other device that I put together manually.
What do you do for IP? Do you work out what is on the network through passive observation and then pick something that looks appropriate? Any other suggestions on testing/avoiding NAC? I've not tested with one in action before and don't have anything to practice against. This particular test is to see if it is doing its job properly so specifics on testing a NAC would be good.
If a tool doesn't exist, and I don't think it will, can someone remindme of the name of the tool I described above and I'll have a look see if that can be modified. I think you mean OSFuscate by Irongeek: http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools .
Thats the one. Robin
-Josh _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- spoofing another machine's fingerprints Robin Wood (Aug 30)
- Re: spoofing another machine's fingerprints Joshua Wright (Aug 30)
- Re: spoofing another machine's fingerprints Robin Wood (Aug 30)
- Re: spoofing another machine's fingerprints Charles Watathi (Aug 31)
- Re: spoofing another machine's fingerprints Joshua Wright (Aug 31)
- Re: spoofing another machine's fingerprints Robin Wood (Sep 02)
- Re: spoofing another machine's fingerprints Robin Wood (Aug 30)
- Re: spoofing another machine's fingerprints Joshua Wright (Aug 30)