On 11/29/04 17:12, Daniel Chemko wrote: > Vlado Had wrote: > >>hi, could somebody help me, how can i change >>osfingerprint in packets? >>thanks > > > Do some homework. Basically a scanner uses inherent flaws in a packet > response to determine the destination machine, but it could also use the > fingerprint of the services running on the PC. Ex. if I implement 100% > faking on the networking part of my stealthing, but leave apache open, > the apache could say Redhat Linux blahblahblah and give it all away to > the hacker. It isn't just 'change TOS to random', or MSS to y, or block > all n packets to port q. Those are some OS fingerprint examples, but the > technique is a lot more detailed. If in doubt, tear open the nmap code! > > >The IP Personality patch may be a solution, although it could only do so >much as pointed out above (running network processes giving you away, >etc) ... "http://ippersonality.sourceforge.net/"; > >Unfortunately, it doesn't appear to be actively maintained any longer.. > Linux 2.4.18 and iptables 1.2.2 were the last official releases, with >a 2.4.20 patch here that doesn't seem to have ever made it onto the >official download page. >"http://sourceforge.net/tracker/index.php?func=detail&aid=647045&group_id=7557&atid=307557"; >Additionaly, some OS fingerprinting tools such as p0f can be tricked by >carefully modifying sysctl values such as ip_default_ttl, etc as they >rely on matching a certain profile. >Bryan but ippersonality can't support kernel 2.4.27 and iptables 1.2.11?
