Re: OS Fingerprint

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: 谷子 <wsgtrsys@cta.cq.cn>
To: netfilter@lists.netfilter.org
Subject: Re: OS Fingerprint
Date: Tue, 30 Nov 2004 22:15:30 +0800	[thread overview]
Message-ID: <002201c4d6e7$0f2ca4f0$0a00a8c0@gtr> (raw)

On 11/29/04 17:12, Daniel Chemko wrote:
> Vlado Had wrote:
> 
>>hi, could somebody help me, how can i change
>>osfingerprint in packets?
>>thanks
> 
> 
> Do some homework. Basically a scanner uses inherent flaws in a packet
> response to determine the destination machine, but it could also use the
> fingerprint of the services running on the PC. Ex. if I implement 100%
> faking on the networking part of my stealthing, but leave apache open,
> the apache could say Redhat Linux blahblahblah and give it all away to
> the hacker. It isn't just 'change TOS to random', or MSS to y, or block
> all n packets to port q. Those are some OS fingerprint examples, but the
> technique is a lot more detailed. If in doubt, tear open the nmap code!
>
>
>The IP Personality patch may be a solution, although it could only do so 
>much as pointed out above (running network processes giving you away, 
>etc) ... "http://ippersonality.sourceforge.net/"

>
>Unfortunately, it doesn't appear to be actively maintained any longer.. 
 > Linux 2.4.18 and iptables 1.2.2 were the last official releases, with 
>a 2.4.20 patch here that doesn't seem to have ever made it onto the 
>official download page.
>"http://sourceforge.net/tracker/index.php?func=detail&aid=647045&group_id=7557&atid=307557" 


>Additionaly, some OS fingerprinting tools such as p0f can be tricked by 
>carefully modifying sysctl values such as ip_default_ttl, etc as they 
>rely on matching a certain profile.

>Bryan


but ippersonality can't support kernel 2.4.27 and iptables 1.2.11?

next             reply	other threads:[~2004-11-30 14:15 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-11-30 14:15 谷子 [this message]
  -- strict thread matches above, loose matches on Subject: below --
2004-11-29 22:27 OS Fingerprint Hudson Delbert J Contr 61 CS/SCBN
2004-11-29 22:12 Daniel Chemko
2004-11-30  4:02 ` Bryan Shake
2004-11-29 21:57 Vlado Had
2004-11-30 14:21 ` Aleksandar Milivojevic
2003-11-18 11:14 hclfm
2003-11-18 10:05 Rodre Ghorashi-Zadeh
2003-11-18 10:57 ` Antony Stone
2003-11-18 14:29 ` Chris Brenton
2003-11-18 15:57   ` Maciej Soltysiak

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='002201c4d6e7$0f2ca4f0$0a00a8c0@gtr' \
    --to=wsgtrsys@cta.cq.cn \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox