RE: nmap os detection!

There was just a thread about this on the honeypot mailling list (honeypots@securityfocus.com). Not only can you make the OS undetectable, you can also fake other OS's in the nmap scan. Links from honeypot threads:

http://ippersonality.sourceforge.net/
http://www.raisdorf.net/projects/pfprintd/

you also might be interested in honeynet http://www.citi.umich.edu/u/provos/honeyd/

There are kernel options (TCP_DROP_SYNFIN) you can set to blackhole OS guessing. Check the honeypot archive for specifics.

-Ethan

-----Original Message-----
From: Prathap R [mailto:prathap.r@indiatimes.com] Sent: Friday, February 07, 2003 6:44 AM
To: SECURITY-BASICS@securityfocus.com
Subject: nmap os detection!

hello all,

         i just used nmap to detect the os on the network. out of curiosity,i want to know if there is a way of making the OS undetectable. it will be of great help if anyone could point out how do it?. i am using both windows and linux.
thanks in advance.
regards,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

       Prathap

Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com

 Buy the best in Movies at http://www.videos.indiatimes.com

Bid for for Air Tickets @ Re.1 on Air Sahara Flights. Just log on to http://airsahara.indiatimes.com and Bid Now ! Received on Fri Feb 7 18:42:34 2003