Re: Methods for evading Nmap OS Fingerprinting

From: Jason Dixon (jasondixon@myrealbox.com)
Date: Tue Mar 11 2003 - 11:58:17 EST


Note that some of the features you're referring to are specific to the
OpenBSD -current tree (pre 3.3), and not found in 3.2 -release or
-stable.

-J.

On Sun, 2003-03-09 at 17:18, Alex Lambert wrote:
> David,
>
> OpenBSD's "pf" has an interesting option called "scrub" that I don't believe
> you explored. The URL for the manpage is
> http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&arch=i386&apropos=0&manpath=OpenBSD+Current
> and says:
>
> "Traffic normalization is used to sanitize packet content in such a way
> that there are no ambiguities in packet interpretation on the receiving
> side. The normalizer does IP fragment reassembly to prevent attacks that
> confuse intrusion detection systems by sending overlapping IP fragments."
>
> Some of its options, such as "random-id", could inhibit nmap success.
>
>
>
> Cheers,
>
> apl
>
> ----- Original Message -----
> From: "David Barroso" <tomac@somoslopeor.com>
> To: <pen-test@securityfocus.com>
> Sent: Sunday, March 09, 2003 6:17 AM
> Subject: Methods for evading Nmap OS Fingerprinting
>
>
> > Hello,
> > I've just released a brief paper about methods for defeating Nmap when
> > guessing the remote OS. Since most pen-testers run Nmap for OS discovery,
> > they should know which apps are out there for fooling Nmap and how they
> > work.
> >
> > http://voodoo.somoslopeor.com/papers.php
> >
> > ----------------------------------------------------------------------------
> >
> > Are your vulnerability scans producing just another report?
> > Manage the entire remediation process with StillSecure VAM's
> > Vulnerability Repair Workflow.
> > Download a free 15-day trial:
> > http://www2.stillsecure.com/download/sf_vuln_list.html
> >
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:30 EDT
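
As an added illustration (not part of the original thread and not pf's or Nmap's code), the Python sketch below models why rewriting the IP identification field, as the "random-id" scrub option mentioned above does, removes a signal that a remote observer can classify. The host model, the classifier and its `max_step` threshold are simplifying assumptions made for this example.

```python
import random

def host_ip_ids(start, count, step=1):
    """Constructed model: a host that stamps packets from one incrementing 16-bit counter."""
    return [(start + i * step) & 0xFFFF for i in range(count)]

def normalize_random_id(ip_ids, rng):
    """Model of a normalizer that replaces every outgoing IP ID with a random 16-bit value."""
    return [rng.randrange(0x10000) for _ in ip_ids]

def _deltas(ip_ids):
    # Differences are taken modulo 2^16 so counter wraparound is handled.
    return [(b - a) & 0xFFFF for a, b in zip(ip_ids, ip_ids[1:])]

def classify(ip_ids, max_step=256):
    """Simplified observer-side classification (assumption, not Nmap's algorithm)."""
    deltas = _deltas(ip_ids)
    if all(d == 0 for d in deltas):
        return "constant"
    if all(0 < d <= max_step for d in deltas):
        return "incremental"
    return "unpredictable"

def predict_next(ip_ids):
    """What an observer learns from an incremental counter: the next ID it will emit."""
    if classify(ip_ids) != "incremental":
        return None
    return (ip_ids[-1] + _deltas(ip_ids)[-1]) & 0xFFFF

if __name__ == "__main__":
    rng = random.Random(2003)               # fixed seed so the run is repeatable
    raw = host_ip_ids(65534, 6)             # constructed sample crossing the 16-bit wrap
    scrubbed = normalize_random_id(raw, rng)
    for label, seq in (("host as sent", raw), ("after random-id", scrubbed)):
        print(f"{label:16} {seq} -> {classify(seq)}, next={predict_next(seq)}")
```
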