Re: Methods for evading Nmap OS Fingerprinting

From: Alex Lambert (alambertat_private)
Date: Sun Mar 09 2003 - 14:18:13 PST


    David,
    
    OpenBSD's "pf" has an interesting option called "scrub" that I don't believe
    you explored. The URL for the manpage is
    http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&arch=i386&apropos=0&manpath=OpenBSD+Current
    and says:
    
       "Traffic normalization is used to sanitize packet content in such a way
         that there are no ambiguities in packet interpretation on the receiving
         side.  The normalizer does IP fragment reassembly to prevent attacks
         that confuse intrusion detection systems by sending overlapping IP
         fragments."
    
    Some of its options, such as "random-id", could inhibit nmap success.
    
    
    
    Cheers,
    
    apl
    
    ----- Original Message -----
    From: "David Barroso" <tomacat_private>
    To: <pen-testat_private>
    Sent: Sunday, March 09, 2003 6:17 AM
    Subject: Methods for evading Nmap OS Fingerprinting
    
    
    > Hello,
    > I've just released a brief paper about methods for defeating Nmap when
    > guessing the remote OS. Since most pen-testers run Nmap for OS discovery,
    > they should know which apps are out there for fooling Nmap and how they
    > work.
    >
    > http://voodoo.somoslopeor.com/papers.php
    >
    > ----------------------------------------------------------------------------
    >
    > Are your vulnerability scans producing just another report?
    > Manage the entire remediation process with StillSecure VAM's
    > Vulnerability Repair Workflow.
    > Download a free 15-day trial:
    > http://www2.stillsecure.com/download/sf_vuln_list.html
    >
    
    
    



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 08:51:12 PST
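
An added example, not part of the original message and not Nmap's or pf's own code: a simplified Python classifier for IP ID sequences, modelled on the TI/CI/II rules in Nmap's OS detection documentation, showing why rewriting IDs with pf's "random-id" changes what a scanner observes. The function name and all sample ID values are constructed for illustration.

```python
# Simplified IP ID sequence classifier (added example). The class labels
# follow the TI/CI/II tests described in Nmap's OS detection documentation;
# thresholds are reproduced in simplified form for 16-bit IDs.

def classify_ipid(ids):
    """Return an Nmap-style class label for a list of 16-bit IP ID samples."""
    if len(ids) < 2:
        return None                      # not enough samples to judge
    if all(i == 0 for i in ids):
        return "Z"                       # ID is always zero
    # Differences between consecutive samples, with 16-bit wraparound.
    diffs = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if any(d >= 20000 for d in diffs):
        return "RD"                      # random
    if all(d == 0 for d in diffs):
        return format(ids[0], "X")       # constant value, reported in hex
    if any(d > 1000 and d % 256 != 0 for d in diffs):
        return "RI"                      # random positive increments
    if all(d % 256 == 0 and d <= 5120 for d in diffs):
        return "BI"                      # byte-swapped ("broken") counter
    if all(d < 10 for d in diffs):
        return "I"                       # simple incrementing counter
    return None                          # no class; test omitted

# Constructed samples: a host with a global incrementing counter, probed
# directly, and the same probes after a normalizer replaced each ID.
HOST_DIRECT = [0x1A2B, 0x1A2C, 0x1A2E, 0x1A2F, 0x1A31, 0x1A32]
BEHIND_RANDOM_ID = [0x3A1F, 0xE2C4, 0x0B77, 0x9D02, 0x51E8, 0xC630]

if __name__ == "__main__":
    print("direct:          ", classify_ipid(HOST_DIRECT))
    print("behind random-id:", classify_ipid(BEHIND_RANDOM_ID))
```

The host's real ID generation (here "I") is one input to an OS fingerprint; once every ID is replaced, the scanner sees the normalizer's behaviour rather than the host's.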