[9771] in bugtraq

Re: Preventing remote OS detection

daemon@ATHENA.MIT.EDU (tqbf)
Tue Feb 23 20:19:08 1999

Date: 	Mon, 22 Feb 1999 17:05:58 -0500
Reply-To: tqbf@pobox.com
From: tqbf <ashland@POBOX.COM>
To: BUGTRAQ@NETSPACE.ORG

>There are many other ways to determine the operating system as well,
>most of which are described in a fairly recent phrack article (number 54
>if I am correct)
>by fyodor, and are addressed in the article mentioned below
>
>How can we mask our operating system from these tcp/ip stack
>fingerprinting tools while still being functional?

You probably can't, at least not without a significant, tedious, and
error-prone code audit. We've been doing research on OS fingerprinting for
the past few years, and there are hundreds of different stack-specific
idiosyncrasies.

You'd definitely be making a large mistake to assume "OS detection" means
"nmap and queso".

-----------------------------------------------------------------------------
Thomas H. Ptacek     			  Network Security Research Team, NAI
-----------------------------------------------------------------------------
	   		         "If you're so special, why aren't you dead?"
