Penetration Testing mailing list archives
Re: Block OS Detection
From: Ivan Arce <ivan.arce () coresecurity com>
Date: Fri, 01 Feb 2008 23:12:32 -0200
Hello,

Sorry for the delay replying to this. Core Force does packet normalization and defragmentation of IP packets. However, this behavior is not user-controllable (it is in the kernel driver but you can't control it from the configuration GUI).

-ivan

Danny Fullerton wrote:
Hi,

Core Force does not implement packet normalization (scrub) of OpenBSD's pf if I recall. I don't know if they messed up with the stack signature in some other way. Ivan Arce, could you ratify?

Otherwise..., almost any good firewall appliance should do the trick. We use redundant OpenBSD systems for this kind of purpose in a production environment (highly critical 24/7/365). The firewall (pf) is extremely powerful (enterprise level), easy to understand and cost effective. Take a look at pfsync and CARP.

One big advantage over PIX or alike is the fact that you're actually dealing with a complete operating system: if you need to implement some other *twisted* security feature, the door is wide open without having to invest in some kind of upgrade.

regards,
---
Danny Fullerton
IT Security Specialist, GCIH GHTQ
Mantor Organization

Ivan Arce wrote:

OpenBSD's PF has been ported to Windows (pre-Vista) as part of a free firewall/endpoint security software. It is part of research work and in beta state (regular YMMV disclaimer) but I know it has been installed and used on production servers for quite some time.

The port of OpenBSD's PF provides a fully-featured and stable bidirectional stateful firewall that some found useful to have on Windows systems.

http://force.coresecurity.com

-ivan

Arafat M. Bique wrote:

For Windows systems and IIS it is not quite easy to do that. I don't know if someone has a solution that isn't a reverse proxy.

Regards,
Arafat M. Bique
Network Infrastructure
IT Department
email: arafat.bique () bcifomento co mz
Web: http://www.bcifomento.co.mz

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John Brazel
Sent: Wednesday, September 05, 2007 10:01 AM
To: Attari Attari
Cc: pen-test () securityfocus com
Subject: Re: Block OS Detection

OpenBSD's pf firewall has a 'scrub' option that allows normalisation of various TCP header fields, as well as fragment re-assembly and the like.

J.
On 8/31/07, Attari Attari <c70n3 () yahoo co in> wrote:

Hello All:

Is there a PRACTICAL solution from PRODUCTION environments that can be used to block OS detection from tools like NMAP? I googled and read some notes but couldn't find a real world solution to blocking Windows & Linux OS detection. I'm quite sure I'll get the right inputs here.

Thank you.
Attari
--
"Buy the ticket, take the ride" -HST

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
http://www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A