From owner-freebsd-security Fri Mar 29 13:21:55 2002
Date: Fri, 29 Mar 2002 16:14:04 -0500 (EST)
From: batz
To: Kris Kennaway
Cc: Moti Levy, freebsd-security@FreeBSD.ORG
Subject: Re: How can I erase my fingertips .
In-Reply-To: <20020328182824.B25543@xor.obsecurity.org>
Sender: owner-freebsd-security@FreeBSD.ORG

On Thu, 28 Mar 2002, Kris Kennaway wrote:

:You might be able to fool (the current version of) nmap, but it's
:impossible to remove the characteristic features which allow one to
:distinguish between one IP stack and another.

Actually, I remember when I was doing intrusion tests against sites with sidewinder, it seemed to shuffle its responses so that we would get different fingerprints. I never verified whether this was a sidewinder feature, or because there was a traffic director in front of it, but it is a part of intrusion testing lore anyway.

Also, because these fingerprints are specific signatures, and because nmap can also be fingerprinted, one could simply write an equivalent to fakeroute, which would listen for nmap OS scans, and jumble the responses. I realize this doesn't mean altering the stack tho.

Funny, the security through obscurity (there needs to be a short form for that) strategy never works, but improved security through adequate obfuscation is often reasonable, while only just a few notches down the continuum.
:)

--
batz
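
The "listen for nmap OS scans" half of the idea in the message above can be sketched as a detector for the TCP flag combinations that nmap's documentation lists for its OS-detection tests T2, T3 and T7. This is an added example, not part of the original post or of any tool it mentions; the function names, the threshold and the sample packets (documentation-range addresses) are constructed for illustration, and it does not attempt the "jumble the responses" half.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations that ordinary TCP stacks do not send but that nmap's
# OS-detection tests use (test labels as given in nmap's documentation).
ODD_PROBES = {
    0: "T2 (no flags)",
    SYN | FIN | PSH | URG: "T3 (SYN+FIN+PSH+URG)",
    FIN | PSH | URG: "T7 (FIN+PSH+URG)",
}

def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (offset_flags,) = struct.unpack_from("!H", segment, 12)
    return offset_flags & 0x3F

def classify(segment: bytes):
    """Name the OS-detection probe this segment resembles, or None."""
    return ODD_PROBES.get(tcp_flags(segment))

def scanners(packets, threshold=2):
    """packets: iterable of (src_ip, raw_tcp_segment).
    Report sources that sent at least `threshold` distinct odd probes;
    a single stray packet is not treated as a fingerprinting attempt."""
    seen = defaultdict(set)
    for src, seg in packets:
        try:
            kind = classify(seg)
        except ValueError:
            continue  # skip fragments too short to carry a TCP header
        if kind:
            seen[src].add(kind)
    return {s: sorted(k) for s, k in seen.items() if len(k) >= threshold}

def make_segment(flags, sport=40000, dport=80):
    """Build a minimal 20-byte TCP header (constructed test input)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)

# Constructed sample traffic: one fingerprinting source, one normal
# client, and one source below the threshold plus a truncated segment.
SAMPLE = [
    ("192.0.2.10", make_segment(0)),
    ("192.0.2.10", make_segment(SYN | FIN | PSH | URG)),
    ("192.0.2.10", make_segment(FIN | PSH | URG, dport=1)),
    ("192.0.2.20", make_segment(SYN)),
    ("192.0.2.20", make_segment(ACK)),
    ("192.0.2.30", make_segment(0)),
    ("192.0.2.30", b"\x00" * 8),
]
```
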