been looking for a guide to prevent os fingerprinting.
using nmap -O *.*.*.* on host reveals it's OS etc, trying to prevent this. any links to any guides would be awesome. Soz for short post.
Posts: 4192 Location: The Netherlands Joined: 14.04.07 Rank: God Warn Level: 90
Posted on 14-08-08 04:23
http://www.pgci.ca/common/p_fingerprint.htm
Google. Six seconds.
"The chowner of property." - Zeph
[small]
“Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.” - Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
Author
RE: nmap -O
Member
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 14-08-08 04:34
i've come across that one, but still not quite understanding what needs to be done. would prefer to have someone familiar with the topic to give us a link, not just a google search(amazingly enough ive done some of these, see, i too have heard of this google thing).
“Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.” - Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
Knowing how OS fingerprinting works is going to help you prevent/spoof it more than finding a link to prevent it.
You have multiple things to take into account. First off you have ports that are only open on certain operating systems. Thus something with 135/139 is going to give a high percentage of target being a Windows operating system.
Then you have the way operating systems respond to packets being sent in certain ways, to closed/open ports, with malformed data, short/long TTL, and etc. Some operating systems will respond in different ways to different types of packets.
Then you also have a service scan and, with certain programs, banner grabbing.. Finding an IIS webserver running on target OS will give higher percentage of target being Windows.
The best way to deal with this is being able to manage packets and ports. Providing a good ruleset within your firewall, IDS triggers, etc., is your best bet to stump and only give generality (like target OS is Windows) about target OS. Spoofing is another good viable option. Closing and opening ports that certain operating systems only have open will throw a high percentage of that OS and throw off the detection.
Main:
