* module question
@ 2002-05-28 22:10 Shipman, Jeffrey E
2002-05-29 8:40 ` Rainer Ellinger
0 siblings, 1 reply; 3+ messages in thread
From: Shipman, Jeffrey E @ 2002-05-28 22:10 UTC (permalink / raw)
To: 'linux-kernel@vger.kernel.org'
I have been assigned to a project where we are trying to fool
OS footprinters into thinking the machine is running another
OS. I was thinking I could write a module which registers
a packet handler to modify the TCP/IP headers as necessary.
I haven't really looked into this all much.
I would like to be able to have some sort of user-space
GUI that the root user could run to allow for dynamic
configuration of the module. My question is: what would be
the best way to go about this? Should I keep the current
config of the module inside /proc so that way both the
GUI has access to it and the module has instantaneous
access to it without having to be reloaded?
I would like to avoid patching the kernel and just keeping
it to a module. However, any tips or advice that anyone
can provide would be most helpful.
BTW, if you could CC any answers to me, I'd appreciate
it as I'm not subscribed to the list.
Thanks in advance for your wisdom,
Jeff Shipman - CCD
Sandia National Laboratories
(505) 844-1158 / MS-1372
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: module question
[not found] <03781128C7B74B4DBC27C55859C9D7380984062E@es06snlnt.suse.lists.linux.kernel>
@ 2002-05-28 22:23 ` Andi Kleen
0 siblings, 0 replies; 3+ messages in thread
From: Andi Kleen @ 2002-05-28 22:23 UTC (permalink / raw)
To: Shipman, Jeffrey E; +Cc: linux-kernel
"Shipman, Jeffrey E" <jeshipm@sandia.gov> writes:
> I have been assigned to a project where we are trying to fool
> OS footprinters into thinking the machine is running another
> OS. I was thinking I could write a module which registers
> a packet handler to modify the TCP/IP headers as necessary.
> I haven't really looked into this all much.
It's probably impossible to fool advanced tools like http://www.icir.org/tbit/
unless you change some fundamental algorithms in linux TCP (like the
retransmit state machine) or replace it with another TCP.
-Andi
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: module question
2002-05-28 22:10 module question Shipman, Jeffrey E
@ 2002-05-29 8:40 ` Rainer Ellinger
0 siblings, 0 replies; 3+ messages in thread
From: Rainer Ellinger @ 2002-05-29 8:40 UTC (permalink / raw)
To: Shipman, Jeffrey E; +Cc: linux-kernel
Shipman, Jeffrey E wrote:
> I have been assigned to a project where we are trying to fool
> OS footprinters into thinking the machine is running another
> OS. I was thinking I could write a module which registers
Some links that might be interesting for you:
http://ippersonality.sourceforge.net/
http://www.stearns.org/p0f/
--
rainer@ellinger.de
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2002-05-29 8:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-05-28 22:10 module question Shipman, Jeffrey E
2002-05-29 8:40 ` Rainer Ellinger
[not found] <03781128C7B74B4DBC27C55859C9D7380984062E@es06snlnt.suse.lists.linux.kernel>
2002-05-28 22:23 ` Andi Kleen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox