Re: Methods for evading Nmap OS Fingerprinting

From: Jason Dixon (jasondixonat_private)
Date: Tue Mar 11 2003 - 08:58:17 PST


    Note that some of the features you're referring to are specific to the
    OpenBSD -current tree (pre 3.3), and not found in 3.2 -release or
    -stable.
    
    -J.
    
    On Sun, 2003-03-09 at 17:18, Alex Lambert wrote:
    > David,
    > 
    > OpenBSD's "pf" has an interesting option called "scrub" that I don't believe
    > you explored. The URL for the manpage is
    > http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&arch=i386&apropos=0&manpath=OpenBSD+Current
    > and says:
    > 
    >    "Traffic normalization is used to sanitize packet content in such a way
    >      that there are no ambiguities in packet interpretation on the receiving
    >      side.  The normalizer does IP fragment reassembly to prevent attacks that
    >      confuse intrusion detection systems by sending overlapping IP fragments."
    > 
    > Some of its options, such as "random-id", could inhibit nmap success.
    > 
    > 
    > 
    > Cheers,
    > 
    > apl
    > 
    > ----- Original Message -----
    > From: "David Barroso" <tomacat_private>
    > To: <pen-testat_private>
    > Sent: Sunday, March 09, 2003 6:17 AM
    > Subject: Methods for evading Nmap OS Fingerprinting
    > 
    > 
    > > Hello,
    > > I've just released a brief paper about methods for defeating Nmap when
    > > guessing the remote OS. Since most pen-testers run Nmap for OS discovery,
    > > they should know which apps are out there for fooling Nmap and how they
    > > work.
    > >
    > > http://voodoo.somoslopeor.com/papers.php
    > >
    > > ----------------------------------------------------------------------------
    > >
    > > Are your vulnerability scans producing just another report?
    > > Manage the entire remediation process with StillSecure VAM's
    > > Vulnerability Repair Workflow.
    > > Download a free 15-day trial:
    > > http://www2.stillsecure.com/download/sf_vuln_list.html
    > >
    > 
    > 
    > 
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 11:03:10 PST