[9766] in bugtraq
Re: Preventing remote OS detection
daemon@ATHENA.MIT.EDU (Crispin Cowan)
Tue Feb 23 19:08:44 1999
Date: Tue, 23 Feb 1999 18:58:29 +0000
Reply-To: crispin@CSE.OGI.EDU
From: Crispin Cowan <crispin@CSE.OGI.EDU>
X-To: tqbf@pobox.com
To: BUGTRAQ@NETSPACE.ORG
tqbf wrote:
> You probably can't, at least not without a significant, tedious, and
> error-prone code audit. We've been doing research on OS fingerprinting for
> the past few years, and there are hundreds of different stack-specific
> idiosynchricies.
That being the case, it sounds like the only way to reliably de-fingerprint an
OS is with an electronic pair of gloves: implement a new stack, and make it
portable across multiple platforms. Distribute it widely and support it, to get
lots of different kinds of systems to use it. Now people can still finger-print
your "glove" stack, but they can't tell what OS it's running on.
Of course, this is lots & lots of work, requires political buy-in from the
leaders of diverse projects like Linux, *BSD, and Windows :-), and is of
questionable value. I'd rather spend my time making my system of choice more
secure than working that hard to obscure my system of choice.
Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
NEW: Protect Your Linux Host with StackGuard'd Programs :FREE
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Support Justice: Boycott Windows 98
