| Author | nmap -O |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
been looking for a guide to prevent os fingerprinting.
using nmap -O *.*.*.* on host reveals it's OS etc, trying to prevent this. any links to any guides would be awesome. Soz for short post.
|
 |
| Author | RE: nmap -O |
spyware
Member
Posts: 4192
Location:
Joined: 14.04.07
Rank: God
Warn Level: 90
| |
http://www.pgci.ca/common/p_fingerprint.htm
Google. Six seconds.
"The chowner of property." - Zeph [small]�Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.� - Carl Sagan [center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce |
|
|
| Author | RE: nmap -O |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
i've come across that one, but still not quite understanding what needs to be done. would prefer to have someone familiar with the topic to give us a link, not just a google search(amazingly enough ive done some of these, see, i too have heard of this google thing).
|
|
|
| Author | RE: nmap -O |
spyware
Member
Posts: 4192
Location:
Joined: 14.04.07
Rank: God
Warn Level: 90
| |
'And he kept on spamming links'.
http://www.usenix.org/events/sec2000/full_papers/smart/smart_html/
"The chowner of property." - Zeph [small]�Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.� - Carl Sagan [center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce |
|
|
| Author | RE: nmap -O |
Uber0n
Member
Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank: Hacker Level 3 | |
spyware wrote:
'And he kept on spamming links'.
Damn you spyware. I don't even think that's fun for real, but it made me laugh IRL 
http://uber0n.web. . . |
  |
| Author | RE: nmap -O |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
Knowing how OS fingerprinting works is going to help you prevent/spoof it more than finding a link to prevent it.
You have multiple things to take into account. First off you have ports that are only open on certain operating systems. Thus something with 135/139 is going to give a high percentage of target being a Windows operating system.
Then you have the way operating systems respond to packets being sent in certain ways, to closed/open ports, with malformed data, short/long TTL, and etc. Some operating systems will respond in different ways to different types of packets.
Then you also have a service scan and, with certain programs, banner grabbing.. Finding an IIS webserver running on target OS will give higher percentage of target being Windows.
The best way to deal with this is being able to manage packets and ports. Providing a good ruleset within your firewall, IDS triggers, etc., is your best bet to stump and only give generality (like target OS is Windows) about target OS. Spoofing is another good viable option. Closing and opening ports that certain operating systems only have open will throw a high percentage of that OS and throw off the detection.
|
|
|
