Date: Sun, 7 Feb 2010 15:54:41 +0200 From: yavuz <sakncli@gmail.com> To: freebsd-questions@freebsd.org Subject: Cheating OS fingerprinting Message-ID: <97371e801002070554n7a76a85fnbcce0cea7127cdb9@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi all, I want to cheat os fingerprinting tools ( primary nmap) in my freebsd machine. Assume I am using freebsd 8 and I want to be seen as a windows xp machine when someone scans my ports. In order to determine target host's OS, nmap sends seven TCP/IP crafted packets (called tests) and waits for the answer. Results are checked against a database of known results (OS signatures database). If the answer matches any of the entries in the database, it can guess that the remote OS is the same that the one in the database. Some Nmap packets are sent to an open port and the others to a closed port; depending on that results, the remote OS is guessed. So to cheat nmap, I have to analyze all incomming packets (as a firewall) and if a test packet coming from a scanner is found I have to give appropriate reply packet (depending on the os signature I want to use). IPPersonality <http://ippersonality.sourceforge.net/>; is an old linux patch does the same job. I want to implement a freebsd tool that cheats os fingerprinting. As I said, I have to analyze all incomming packets as a firewall and do some job if packets are comming from a scanner. Can I implement this feature as a patch to PF, or does PF provides some mechanisms to write extension modules? Can you give any advices? Where is to start:) best regards... yavuz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?97371e801002070554n7a76a85fnbcce0cea7127cdb9>