| View previous topic :: View next topic |
| Author |
Message |
cgibreak
n00b
Joined: 12 Oct 2003
Posts: 20
|
 Posted: Sun Oct 12, 2003 3:08 am Post subject: Circumventing OS detection |
 |
|
Is there a way to fool active OS detectors like nmap into thinking you're a different OS? Is it an iptables script? kernel module???
 |
|
| Back to top |
|
 |
ozonator
Guru
Joined: 11 Jun 2003
Posts: 591
Location: Ontario, Canada
|
| Posted: Sun Oct 12, 2003 4:05 am Post subject: |
|
|
This paper has an overview: http://voodoo.somoslopeor.com/papers/nmap.html (I first saw this linked on Slashdot)
One of the items mentioned there (IP Personality) seems to have gone stale, but the stealth patch is available for current kernels, and iplog is still current.
The grsecurity kernel patch includes "randomisation-improvements for the TCP/IP-stack", which likely would reduce chances of correct detection, but it also has a lot more to it, ACLs particularly; there's a Gentoo-specific guide.
Besides that, I suppose there's the 'hide behind an OpenBSD box' or the 'block all incoming packets' methods, but I'm guessing that neither of those are the sort of thing that you had in mind.  |
|
| Back to top |
|
|
devon
l33t
Joined: 23 Jun 2003
Posts: 943
|
| Posted: Sun Oct 12, 2003 5:31 am Post subject: |
|
|
| Here is another link to a thread here on the Gentoo forums. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Duplicate Threads
