Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 27
Guests Online: 18
Members Online: 9

Registered Members: 82882
Newest Member: imtheboss
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

nmap -O


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-08-08 04:16
been looking for a guide to prevent os fingerprinting.
using nmap -O *.*.*.* on host reveals it's OS etc, trying to prevent this. any links to any guides would be awesome. Soz for short post.


Author

RE: nmap -O

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 14-08-08 04:23
http://www.pgci.ca/common/p_fingerprint.htm

Google. Six seconds.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: nmap -O


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-08-08 04:34
i've come across that one, but still not quite understanding what needs to be done. would prefer to have someone familiar with the topic to give us a link, not just a google search(amazingly enough ive done some of these, see, i too have heard of this google thing).


Author

RE: nmap -O

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 14-08-08 04:46
'And he kept on spamming links'.


http://www.usenix.org/events/sec2000/full_papers/smart/smart_html/



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: nmap -O

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 14-08-08 10:16
spyware wrote:
'And he kept on spamming links'.

Damn you spyware. I don't even think that's fun for real, but it made me laugh IRL Grin


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: nmap -O


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-08-08 22:49
Knowing how OS fingerprinting works is going to help you prevent/spoof it more than finding a link to prevent it.

You have multiple things to take into account. First off you have ports that are only open on certain operating systems. Thus something with 135/139 is going to give a high percentage of target being a Windows operating system.

Then you have the way operating systems respond to packets being sent in certain ways, to closed/open ports, with malformed data, short/long TTL, and etc. Some operating systems will respond in different ways to different types of packets.

Then you also have a service scan and, with certain programs, banner grabbing.. Finding an IIS webserver running on target OS will give higher percentage of target being Windows.

The best way to deal with this is being able to manage packets and ports. Providing a good ruleset within your firewall, IDS triggers, etc., is your best bet to stump and only give generality (like target OS is Windows) about target OS. Spoofing is another good viable option. Closing and opening ports that certain operating systems only have open will throw a high percentage of that OS and throw off the detection.