How to hide or change TCP/IP fingerprint?

coderoar · 2008-10-30 08:45:46

After executing 'nmap -O -A 127.0.0.1', it returns some lines starting with 'OS:'. How to change it?

dav7 · 2008-10-30 10:58:55

Look in the sourcecode for nmap, find how it figures out the Linux part, then rewrite your TCP/IP stack to not operate in a way nmap can detect.

coderoar · 2008-10-30 11:30:42

Yeah, but I don't know about linux system api at all.

dav7 · 2008-10-30 12:32:15

Well, since nmap's fingerprint is based on the way the TCP/IP stack works, there's no real way except to rewrite the appropriate parts of said stack.

byte · 2008-10-30 13:25:57

If that box isn't connected to the internet directly and behind a router it doesn't matter anyway.

coderoar · 2008-10-30 14:50:17

However, I really need to avoid these messages. Can iptables do this work?

byte · 2008-10-30 16:15:28

What messages, just the OS: fingerprint lines from nmap? Well, don't use OS detection or version scanning, read the manpage, grep -v the output...

fukawi2 · 2008-10-30 22:16:53

Perhaps if you tell us what your goal is, rather than how you think you need to get there, we will be able to give more accurate answers

broch · 2008-10-31 00:29:47

protecting against tcp/ip fingerprinting is possible. None of the methods used tries to modify tcp/ip stack.
shrug

coderoar · 2008-10-31 10:19:12

byte wrote:

What messages, just the OS: fingerprint lines from nmap? Well, don't use OS detection or version scanning, read the manpage, grep -v the output...

Yes, only fingerprint. I want to prevent others from knowing the type of my OS.

filou.linux · 2008-10-31 11:48:04

So aren't you proud of the OS that you are using? ;-)

coderoar · 2008-10-31 15:55:44

filou.linux wrote:

So aren't you proud of the OS that you are using? ;-)

I like and rely on Arch but I have to hide myself because of some restrictions by my ISP.

kclive18 · 2008-10-31 17:27:23

That's weird...so they restrict you from using Linux?

coderoar · 2008-11-01 03:47:02

No, they only restict routers. But perhaps they can't distinguish between a Linux PC and a router.

daf666 · 2008-11-01 08:41:02

Just close all ports tightly with IP tables.., no one will get no reply thus not knowing whats hehind that IP.

Arch Linux

#1 2008-10-30 08:45:46

How to hide or change TCP/IP fingerprint?

#2 2008-10-30 10:58:55

Re: How to hide or change TCP/IP fingerprint?

#3 2008-10-30 11:30:42

Re: How to hide or change TCP/IP fingerprint?

#4 2008-10-30 12:32:15

Re: How to hide or change TCP/IP fingerprint?

#5 2008-10-30 13:25:57

Re: How to hide or change TCP/IP fingerprint?

#6 2008-10-30 14:50:17

Re: How to hide or change TCP/IP fingerprint?

#7 2008-10-30 16:15:28

Re: How to hide or change TCP/IP fingerprint?

#8 2008-10-30 22:16:53

Re: How to hide or change TCP/IP fingerprint?

#9 2008-10-31 00:29:47

Re: How to hide or change TCP/IP fingerprint?

#10 2008-10-31 10:19:12

Re: How to hide or change TCP/IP fingerprint?

#11 2008-10-31 11:48:04

Re: How to hide or change TCP/IP fingerprint?

#12 2008-10-31 15:55:44

Re: How to hide or change TCP/IP fingerprint?

#13 2008-10-31 17:27:23

Re: How to hide or change TCP/IP fingerprint?

#14 2008-11-01 03:47:02

Re: How to hide or change TCP/IP fingerprint?

#15 2008-11-01 08:41:02

Re: How to hide or change TCP/IP fingerprint?

Board footer