Re: OS Fingerprint

On 11/29/04 17:12, Daniel Chemko wrote:
> Vlado Had wrote:
>
>> hi, could somebody help me, how can i change
>> osfingerprint in packets?
>> thanks
>
> Do some homework. Basically a scanner uses inherent flaws in a packet
> response to determine the destination machine, but it could also use the
> fingerprint of the services running on the PC. Ex. if I implement 100%
> faking on the networking part of my stealthing, but leave apache open,
> the apache could say Redhat Linux blahblahblah and give it all away to
> the hacker. It isn't just 'change TOS to random', or MSS to y, or block
> all n packets to port q. Those are some OS fingerprint examples, but the
> technique is a lot more detailed. If in doubt, tear open the nmap code!


The IP Personality patch may be a solution, although it could only do so much as pointed out above (running network processes giving you away, etc) ... "http://ippersonality.sourceforge.net/"


Unfortunately, it doesn't appear to be actively maintained any longer. Linux 2.4.18 and iptables 1.2.2 were the last official releases, with a 2.4.20 patch here that doesn't seem to have ever made it onto the official download page.
"http://sourceforge.net/tracker/index.php?func=detail&aid=647045&group_id=7557&atid=307557"



Additionally, some OS fingerprinting tools such as p0f can be tricked by carefully modifying sysctl values such as ip_default_ttl, etc. as they rely on matching a certain profile.


Bryan
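
The profile matching discussed in this thread, as an added example that is not part of the original messages and is not p0f's or nmap's code: a toy passive matcher over several SYN fields, showing why a changed default TTL breaks an exact match while the other fields still point at the same stack. The signature values, field selection and all names here are constructed assumptions.

```python
"""Toy passive OS fingerprint matcher (added example; all signatures constructed)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Syn:
    ttl: int        # TTL as observed on the wire (after some hops)
    window: int     # TCP window size in the SYN
    df: bool        # IP Don't Fragment bit
    options: tuple  # TCP option kinds, in the order they appear

# Constructed profiles for illustration, NOT taken from any real signature database.
SIGNATURES = {
    "profile-A": dict(ittl=64, window=5840, df=True,
                      options=("mss", "sackOK", "ts", "nop", "ws")),
    "profile-B": dict(ittl=128, window=65535, df=True,
                      options=("mss", "nop", "nop", "sackOK")),
}

def initial_ttl(observed):
    """Round the observed TTL up to the nearest common initial value."""
    for guess in (32, 64, 128, 255):
        if observed <= guess:
            return guess
    raise ValueError("TTL is an 8-bit field")

def score(syn, sig):
    """Number of fields (0-4) on which the SYN agrees with a signature."""
    return sum([
        initial_ttl(syn.ttl) == sig["ittl"],
        syn.window == sig["window"],
        syn.df == sig["df"],
        syn.options == sig["options"],
    ])

def classify(syn):
    """Return (label, scores); label is set only when every field matches."""
    scores = {name: score(syn, sig) for name, sig in SIGNATURES.items()}
    exact = [name for name, s in scores.items() if s == 4]
    return (exact[0] if exact else None), scores

# Constructed samples: the same host seen 7 hops away, before and after its
# default TTL is changed from 64 to 128 (as with the ip_default_ttl sysctl).
OPTS = ("mss", "sackOK", "ts", "nop", "ws")
STOCK = Syn(ttl=57, window=5840, df=True, options=OPTS)
TTL_CHANGED = Syn(ttl=121, window=5840, df=True, options=OPTS)

if __name__ == "__main__":
    for name, syn in (("stock", STOCK), ("ttl changed", TTL_CHANGED)):
        print(name, classify(syn))
```

With only the TTL changed, the exact match fails, but three of the four fields still agree with profile-A, so a matcher that scores partial agreement would still lean the same way.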
