Cheating OS fingerprinting

yavuz sakncli at gmail.com
Sun Feb 7 13:54:43 UTC 2010


Hi all,

I want to cheat OS fingerprinting tools (primarily nmap) on my FreeBSD
machine. Assume I am using FreeBSD 8 and I want to be seen as a Windows XP
machine when someone scans my ports.

In order to determine the target host's OS, nmap sends seven crafted TCP/IP
packets (called tests) and waits for the answers. The results are checked against
a database of known results (the OS signatures database). If the answer matches
any of the entries in the database, it can guess that the remote OS is the
same as the one in the database. Some nmap packets are sent to an open
port and the others to a closed port; depending on those results, the remote
OS is guessed. So to cheat nmap, I have to analyze all incoming packets (as
a firewall) and, if a test packet coming from a scanner is found, I have to
give an appropriate reply packet (depending on the OS signature I want to use).


IPPersonality <http://ippersonality.sourceforge.net/> is an old Linux patch
that does the same job.

I want to implement a FreeBSD tool that cheats OS fingerprinting. As I said,
I have to analyze all incoming packets as a firewall and do some work if
packets are coming from a scanner. Can I implement this feature as a patch
to PF, or does PF provide some mechanism to write extension modules? Can
you give any advice? Where should I start? :)


best regards...

yavuz
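
As an added illustration (not part of the original post, and not code from PF or IPPersonality), this sketch shows the classification step the post describes: deciding from TCP flags and port state which of nmap's seven tests an incoming segment resembles. The flag combinations follow nmap's documented T1-T7 tests; the names `classify_probe`, `nmap_test` and the `known_conn` input are assumptions, and the sample segments are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (same values as TH_* in <netinet/tcp.h>). */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04,
       F_PSH = 0x08, F_ACK = 0x10, F_URG = 0x20 };

/* Which of the seven tests a segment resembles; NT_NONE means none. */
enum nmap_test { NT_NONE, NT_T1, NT_T2, NT_T3, NT_T4, NT_T5, NT_T6, NT_T7 };

/*
 * flags      - flags byte of the incoming TCP header
 * port_open  - true if the destination port has a listener
 * known_conn - true if the segment matches tracked connection state
 *              (assumed to come from the firewall's state table)
 */
enum nmap_test
classify_probe(uint8_t flags, bool port_open, bool known_conn)
{
    if (known_conn)                    /* ordinary traffic on a live flow */
        return NT_NONE;
    switch (flags & 0x3f) {            /* ignore the ECN bits (ECE/CWR) */
    case F_SYN:                        /* same flags as a normal connect, so */
        return port_open ? NT_T1 : NT_T5;   /* every SYN needs the disguise */
    case 0:                            /* NULL segment, no flags at all */
        return port_open ? NT_T2 : NT_NONE;
    case F_SYN | F_FIN | F_URG | F_PSH:
        return port_open ? NT_T3 : NT_NONE;
    case F_ACK:                        /* stray ACK with no matching state */
        return port_open ? NT_T4 : NT_T6;
    case F_FIN | F_PSH | F_URG:
        return port_open ? NT_NONE : NT_T7;
    default:
        return NT_NONE;
    }
}

int main(void)
{
    /* Constructed samples: {flags, port_open, known_conn}. */
    struct { uint8_t f; bool open, conn; } s[] = {
        { F_SYN, true, false }, { 0, true, false },
        { F_ACK, true, true },  { F_FIN | F_PSH | F_URG, false, false },
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("sample %zu -> T%d\n", i,
               (int)classify_probe(s[i].f, s[i].open, s[i].conn));
    return 0;
}
```

A result of `T0` in the output means the segment matched none of the tests. Flags alone are a heuristic: the real probes also carry a distinctive set of TCP options, which a stricter matcher would check before altering the reply.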


More information about the freebsd-questions mailing list