Fooling NMAP for Whatever Reason
taviso writes "Are you bored with your OS fingerprint? Do you dream of being able to impress your friends by convincing them your webserver is running on a Sega Dreamcast, or Apple LaserWriter? Well, dream no more! David Berrueta has written a paper outlining the techniques and tools available to defeat nmap's OS fingerprinting, available here [pdf]. Besides the hours of entertainment this could provide, he also lists some of the more serious reasons why you might want to consider this."
I could just see slashdot running on a Trash-80.
Modular Redundancy--Because 4 out of 5 Nodes agree
On my atari!
Well, this proves that it doesn't matter what OS fingerprint you have, you can still get slashdotted...
OS fingerprinting is dying!
(sorry. someone had to...)
Well, not me personally. But what do you think Microsoft has been doing all these years? Considering how stable their site is (and taking into account the humongous crash when they tried to move Hotmail onto WinNT), I'm convinced that they've been running the whole MSN network on Unix-based servers, disguising them as Windows ;)
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I predict 2 minutes from now that someone tells you to not use insecure crappy telnet but ssh instead.
Quoting from "Microsoft IIS 5 Administration" (pp 52) ...
Longwinded way of saying Unix/Linux is perceived as being harder to crack. :)
Do you even lift?
These aren't the 'roids you're looking for.
Compy 386
Yessiirreee,
I'm servin' mah HTTP files from this here ol' guitar and my FTP files from an empty bottle-a-booze.
And this post, yes HTTP_REFERER was from the ol' cadillac factory I once worked at; the one where I snagged my dancin' machine car one piece at a time over twenty or some number of years-*HICUP*
-SlashdotTroll (because slashdot don't like me, my karma is terrible, and at -1 they only let me post twice in 24 hours from this ol' Folsom prison I'm stuck in.)
"What happens when we inadvertently give M$ 98.2% of the 'known' server market?"
We get even more crap directed against our webservers until we get tired, and declare it to be a BSD box.
Dammit, just give up asking my linux/apache server for "../../../../windows/" you morons!
Actually emulating a TI calculator will make the attacker think "well this guy obviously has the skill and has taken the time to emulate a silly calculator, better not screw with someone as l33t as him"
This is cool and all, but these days worms and virii select victims at random so your fingerprint won't make a damn bit of difference, except you might think you are a bit safer but you are not.
Silly Rabbit: tricks are for kids.
Some people have said that OS detection is only used for exploiting things. I don't know about other people, but I at least use it as a simple measure of intelligence. XP being lowest, other Windows next lowest, Mac and OSX somewhere in the middle, and everything else a bit higher. Of course, with everyone switching to Linux, including the less intelligent people (this is what Lindows is for), I might have to stop making these assumptions...
Luke-Jr
That's right.
;)
I use this so that people think my Sega Dreamcast, TI calculator, and Epson Dot Matrix are normal servers.
Nah, Sega Dreamcast is *way* too suspicious. Hackers would be like "WTF? How is that possible?" and then they'd explore further.
:)
What you'd really want to do is set the fingerprint to something like the old, unpatched Windows 95. Then the attackers will think "ROFL, dumbass admin running windoze! ATTACK!" and then your logs show some lame attack that might have worked on Windows, but doesn't work on Linux, and you get an early warning of any attacks that come your way.