[9772] in bugtraq

Re: Preventing remote OS detection

daemon@ATHENA.MIT.EDU (James Lockwood)
Tue Feb 23 20:28:51 1999

Date: 	Mon, 22 Feb 1999 14:17:41 -0800
Reply-To: James Lockwood <james@VANEYCK.GII.GETTY.EDU>
From: James Lockwood <james@VANEYCK.GII.GETTY.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <36D18C0F.1184C638@pgci.ca>

On Mon, 22 Feb 1999, Patrick Gilbert wrote:

> A technique exists to determine a remote operating system by sending
> obscure tcp packets and analyzing the response. Two utilities known as
> queso and nmap can determine with enough precision your operating
> system. This has been known for quite some time, but I haven't seen
> much on how to prevent it.

It's probably worth mentioning that IP Filter by Darren Reed can trap
many abnormal packets "in the wild", before the system TCP stack gets a
chance to play with them.  I prefer to swallow up anything that doesn't
fit my filters, but by playing with responses returned when packets with
strange flags are received you can forge another system.

I wouldn't think of running a production internet system without it:

http://coombs.anu.edu.au/~avalon/

--
James D. Lockwood                    The (former) Getty Information Institute
System Administrator                       1200 Getty Center Drive, Suite 300
james@gii.getty.edu                                Los Angeles, CA 90049-1680
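
Added example, not part of the original post and not IP Filter's own code: a Python sketch of the kind of check a packet filter applies before the TCP stack sees a segment, dropping flag combinations that do not occur in a normal TCP conversation. The rule set, function names and sample segments are assumptions constructed for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F

def abnormal_reason(flags: int):
    """Say why a flag combination is abnormal, or return None if it is plausible.
    Assumed policy: only a bare SYN or a RST may legitimately lack ACK."""
    if flags == 0:
        return "no flags set"
    if flags & SYN and flags & FIN:
        return "SYN and FIN together"
    if flags & SYN and flags & RST:
        return "SYN and RST together"
    if not flags & ACK and flags & (FIN | PSH | URG):
        return "FIN/PSH/URG without ACK"
    return None

def verdict(segment: bytes):
    """Filter decision for one segment: ('pass', None) or ('drop', reason)."""
    reason = abnormal_reason(tcp_flags(segment))
    return ("drop", reason) if reason else ("pass", None)

def make_segment(flags: int, dport: int = 80) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flags."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample traffic: normal handshake/data/teardown, then odd segments
SAMPLES = [SYN, SYN | ACK, ACK | PSH, FIN | ACK, RST,
           0, SYN | FIN, FIN | PSH | URG, FIN]

if __name__ == "__main__":
    for f in SAMPLES:
        action, reason = verdict(make_segment(f))
        print(f"flags=0x{f:02x} {action:4s} {reason or ''}")
```

Dropping silently, as the post prefers, gives the sender no reply to analyze; logging the reason alongside the drop gives the defender a record of who sent such segments.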
