Date: Fri, 29 Mar 2002 16:14:04 -0500 (EST)
From: batz <batsy@vapour.net>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Moti Levy <moti@flncs.com>, freebsd-security@FreeBSD.ORG
Subject: Re: How can I erase my fingertips .
Message-ID: <Pine.BSF.4.21.0203291606380.401-100000@vapour.net>
In-Reply-To: <20020328182824.B25543@xor.obsecurity.org>

On Thu, 28 Mar 2002, Kris Kennaway wrote:

:You might be able to fool (the current version of) nmap, but it's
:impossible to remove the characteristic features which allow one to
:distinguish between one IP stack and another.

Actually, I remember when I was doing intrusion tests against sites with sidewinder, it seemed to shuffle its responses so that we would get different fingerprints. I never verified whether this was a sidewinder feature, or because there was a traffic director in front of it, but it is a part of intrusion testing lore anyway.

Also, because these fingerprints are specific signatures, and because nmap can also be fingerprinted, one could simply write an equivalent to fakeroute, which would listen for nmap OS scans, and jumble the responses. I realize this doesn't mean altering the stack tho.

Funny, the security through obscurity (there needs to be a short form for that) strategy never works, but improved security through adequate obfuscation is often reasonable, while only just a few notches down the continuum. :)

--
batz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message