Message-ID: <4B6F4FC7.5090705@bsdforen.de>
Date: Mon, 08 Feb 2010 00:41:59 +0100
From: Dominic Fandrey
To: yavuz
Cc: freebsd-questions@freebsd.org
Subject: Re: Cheating OS fingerprinting
References: <97371e801002070554n7a76a85fnbcce0cea7127cdb9@mail.gmail.com>
In-Reply-To: <97371e801002070554n7a76a85fnbcce0cea7127cdb9@mail.gmail.com>

yavuz wrote:
> Hi all,
>
> I want to cheat OS fingerprinting tools (primarily nmap) in my FreeBSD
> machine. Assume I am using FreeBSD 8 and I want to be seen as a Windows XP
> machine when someone scans my ports.
>
> ...
> I want to implement a FreeBSD tool that cheats OS fingerprinting. As I said,
> I have to analyze all incoming packets as a firewall and do some job if
> packets are coming from a scanner. Can I implement this feature as a patch
> to PF, or does PF provide some mechanisms to write extension modules? Can
> you give any advice? Where to start? :)

Well, you can simply redirect all traffic to a port on localhost, where
your service is listening. However, said service needs to forward the
regular traffic to the assigned ports in order to not block your entire
networking capabilities.

-- 
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?