Re: Block OS Detection

From: Joxean Koret (joxeankoret@yahoo.es)
Date: Tue Sep 04 2007 - 16:30:34 EDT

• Next message: Peter Manis: "Re: Reporting website vulnerabilities"
• Previous message: Philippe Bogaerts: "RE: Block OS Detection"
• In reply to: Jon DeShirley: "Block OS Detection"
• Next in thread: Robert E. Lee: "Re: Block OS Detection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

The problem is that there is no real solution to do what Attari wants;
no real-world practical solution.

You can confuse a tool but not all the tools in the internet or a not
too skilled guy doing a _manual_ test. The unique way, IMHO, is by
putting machines in front of the real production server (it may confuse
a little the tcp stack probes).

Anyway, reading the banners and analyzing how the applications in the
server answers (and what applications/protocols are being used) you can
guess the real operative system; various services (such as the stupid
dtscpd) will say even the architecture (sparc, i386) so...

Just my opinion.

PS: I don't consider interesting blocking OS detection, except as a
joke.

Regards,
Joxean Koret

On lun, 2007-09-03 at 10:51 -0700, Jon DeShirley wrote:
> Changing default stack values will give you a little bit of protection
> from OS fingerprinting, but there are usually other identifiers that
> will give your stack away. Dropping SYN+FIN, altering default TCL TTL
> values, changing the default TCP window size, and a few other things
> will fool a passive OS fingerprint. A few of the techniques are
> documented here: http://www.zog.net/Docs/nmap.html .
>
> But this is all moot, unless you go through all your service banners
> to sanitize them and block all default services (ie: Active Directory,
> Linuxconf, or ToolTalk) that would give your platform away.
>
>
> On 8/31/07, Attari Attari <c70n3@yahoo.co.in> wrote:
>
> > Is there a PRACTICAL solution from PRODUCTION
> > environments that can be used to block OS detection
> > from tools like NMAP? I googled and read some notes
> > but couldn't find a real world solution to blocking
> > Windows & Linux OS detection.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>

        
        
                
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y msviles desde 1 cintimo por minuto.
http://es.voice.yahoo.com

• application/pgp-signature attachment: This is a digitally signed message part

• Next message: Peter Manis: "Re: Reporting website vulnerabilities"
• Previous message: Philippe Bogaerts: "RE: Block OS Detection"
• In reply to: Jon DeShirley: "Block OS Detection"
• Next in thread: Robert E. Lee: "Re: Block OS Detection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:05 EDT