On Tue, 2003-11-18 at 05:05, Rodre Ghorashi-Zadeh wrote:
>
> Does anybody on this list have a rule that I can use to change the OS
> fingerprint of all packets leaving my DMZ? Thanks in advance.

OS passive fingerprinting is typically done with ICMP type 8's as well as TCP SYN packets. It's possible to do it with SYN/ACKs, but it's not easy.

You could use iptables to rewrite the TTL. That's usually the first value people key in on to do OS detection. That, and it's something you could do to "all packets" as you require. It will not fool everyone, but any other changes will only be applicable to certain packets.

HTH,
C
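
The TTL rewrite suggested in the reply above, as an added example that is not part of the original message: a mangle-table rule that sets a fixed TTL on everything leaving one interface. The interface name `eth0`, the value 128, the helper names and the `DRY_RUN` switch are assumptions, and the kernel must provide the iptables `TTL` target.

```shell
#!/bin/sh
# Added example (not from the original post): set a fixed TTL on every
# packet leaving through one interface, so the TTL no longer reflects
# the sending host's default.
# Caveat: forcing a fixed TTL on forwarded traffic removes the hop-count
# protection against routing loops; apply it only on the outermost
# interface of the DMZ gateway.

# Print the iptables arguments for the TTL rewrite rule.
# $1 = action (-A append, -C check, -D delete), $2 = interface, $3 = TTL
ttl_rule() {
    action=$1
    iface=$2
    ttl=$3
    case $action in
        -A|-C|-D) ;;
        *) echo "bad action: $action" >&2; return 1 ;;
    esac
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $ttl in
        ''|*[!0-9]*) echo "bad TTL: $ttl" >&2; return 1 ;;
    esac
    if [ "$ttl" -lt 1 ] || [ "$ttl" -gt 255 ]; then
        echo "TTL out of range: $ttl" >&2
        return 1
    fi
    # mangle/POSTROUTING sees both forwarded and locally generated packets
    printf '%s\n' "-t mangle $action POSTROUTING -o $iface -j TTL --ttl-set $ttl"
}

# Install the rule once (idempotent). With DRY_RUN=1, only print the command.
# $1 = interface (assumed name, e.g. eth0), $2 = TTL to set
apply_ttl_rewrite() {
    add=$(ttl_rule -A "$1" "$2") || return 1
    chk=$(ttl_rule -C "$1" "$2") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "iptables $add"
        return 0
    fi
    # -C exits 0 when an identical rule already exists, so -A runs only once
    iptables $chk 2>/dev/null || iptables $add
}
```

Run `apply_ttl_rewrite eth0 128` as root to install the rule; `tcpdump -v` on the outside interface shows the resulting `ttl` value of outgoing packets.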