Penetration Testing mailing list archives
Re: PIX and ttl
From: Nelson Brito <nelson () SECUNET COM BR>
Date: Fri, 25 May 2001 17:51:47 -0300
Fernando Cardoso wrote: [...]
> I don't think so... I've tested all kinds of Windows stuff and I always
> get 128 (local LAN). Maybe the results you're showing are the result of
> some kind of "PIX tweaking".
>
> -- Windows NT 4.0 x86 SP6a ( ttl = 128 ) in MY LAN
> 46 bytes from 10.1.3.20: flags=SA seq=0 ttl=128 id=25884 win=8576 rtt=0.5 ms

It's the default setting in WinNT's Registry, but you can set it up to whatever value you want, just by editing your NT Box. I already posted, some time ago, talking about ICMP Fingerprint.

The registry key you need to modify to confuse the attacker (maybe penetration tester ;)) is:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DefaultTTL"=dword:000000ff

This means the TTL is now set to 255 or 0x000000ff in hex. So, I could set this value to 0x00000081 (129 in decimal), so it would be weird when some attacker tries to "traceroute" this host.

What do you think? ;))

PS: Sorry for my poor English...

Nothing further
--
# Nelson Brito
# Security Analyst and Penetration Tester
# Security Networks AG - The trust Company!
#
# Usage: cat <file> | perl .signature
foreach(<STDIN>){chop;split;(//,$_);print reverse @_;print "\n";}
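
Added example, not part of the original post: a small Python sketch of the usual TTL heuristic applied to hping-style reply lines, showing how the DefaultTTL values discussed above (0xff and 0x81) change what an observer infers. The list of common initial TTLs, the 30-hop plausibility limit, the function names and the two extra sample lines are assumptions made for this example.

```python
import re

# Initial TTLs this heuristic treats as "common" (assumption of this example;
# 128 is the NT default reported in the thread).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# Matches hping-style reply lines such as the one quoted in the thread.
REPLY = re.compile(r"from (?P<ip>\d+\.\d+\.\d+\.\d+):.*?\bttl=(?P<ttl>\d+)")

def guess_initial_ttl(observed):
    """Return (assumed initial TTL, implied hop count) for an observed TTL."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL out of range: %r" % observed)
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed)
    return initial, initial - observed

def assess(line, max_plausible_hops=30):
    """Parse one reply line and judge whether the TTL guess is believable."""
    m = REPLY.search(line)
    if m is None:
        return None
    ttl = int(m["ttl"])
    initial, hops = guess_initial_ttl(ttl)
    return {
        "ip": m["ip"],
        "observed": ttl,
        "guessed_initial": initial,
        "hops": hops,
        # An implausible hop count means the stack is not using a common
        # default, so TTL says nothing reliable about the OS or the distance.
        "plausible": hops <= max_plausible_hops,
    }

SAMPLES = [
    # Line quoted in the thread (NT 4.0 default on the local LAN).
    "46 bytes from 10.1.3.20: flags=SA seq=0 ttl=128 id=25884 win=8576 rtt=0.5 ms",
    # Constructed: same host after DefaultTTL=dword:000000ff.
    "46 bytes from 10.1.3.20: flags=SA seq=0 ttl=255 id=25885 win=8576 rtt=0.5 ms",
    # Constructed: same host after DefaultTTL=dword:00000081 (129).
    "46 bytes from 10.1.3.20: flags=SA seq=0 ttl=129 id=25886 win=8576 rtt=0.5 ms",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample))
```

With 255 the host simply looks like a different stack zero hops away; with 129 the heuristic implies 126 hops on a local LAN, which is the "weird" result the post describes.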