Change OS fingerprint.
Hello.
How can I change OS fingerprint from scanners like Nmap? For example, Nmap can't detect that I'm running CentOS.
Thank you.
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Change OS fingerprint.
You need to rebuild the TCP/IP stack and compile every security fix manually. Too much effort, just to hide the OS version.
One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. After performing dozens of tests such as TCP ISN sampling, TCP options support and ordering, IP ID sampling, and the initial window size check, Nmap compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the OS details if there is a match. Each fingerprint includes a freeform textual description of the OS, and a classification which provides the vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS generation (e.g. 10), and device type (general purpose, router, switch, game console, etc). Most fingerprints also have a Common Platform Enumeration (CPE) representation, like cpe:/o:linux:linux_kernel:2.6.
Re: Change OS fingerprint.
Can Honeypot programs like "Honeyd" help?
hunter86_bg wrote: ↑2019/01/23 10:55:48
> You need to rebuild the TCP/IP stack and compile every security fix manually. Too much effort, just to hide the OS version.
> One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. After performing dozens of tests such as TCP ISN sampling, TCP options support and ordering, IP ID sampling, and the initial window size check, Nmap compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the OS details if there is a match. Each fingerprint includes a freeform textual description of the OS, and a classification which provides the vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS generation (e.g. 10), and device type (general purpose, router, switch, game console, etc). Most fingerprints also have a Common Platform Enumeration (CPE) representation, like cpe:/o:linux:linux_kernel:2.6.
Re: Change OS fingerprint.
It might work, but don't count on it 100%.
Re: Change OS fingerprint.
I know "Honeyd" is old, any suggestion?
Re: Change OS fingerprint.
I don't think the effort is worth it.
It's better to hide the version of your services - for example, Apache provides it by default.
The best way is to close all ports, and open for specific trusted IPs - but most of the time this is not possible.
The safest approach is to harden your system, with SELinux in enforcing mode.
Then scan the system with Nessus and Greenbone and then remediate whatever is possible.
Re: Change OS fingerprint.
In your opinion, are honeypots useless? Why was a tool like "Honeyd" never developed further?
hunter86_bg wrote: ↑2019/01/23 19:53:36
> I don't think the effort is worth it.
> It's better to hide the version of your services - for example, Apache provides it by default.
> The best way is to close all ports, and open for specific trusted IPs - but most of the time this is not possible.
> The safest approach is to harden your system, with SELinux in enforcing mode.
> Then scan the system with Nessus and Greenbone and then remediate whatever is possible.
Re: Change OS fingerprint.
No, he thinks fingerprint obfuscation is a waste of time.
How did you run the nmap anyway?
Can you see from that output that the 'snafu' is a CentOS with default firewall zone 'public'?
Code:
# nmap -O snafu
Starting Nmap 6.40 ( http://nmap.org ) at 2019-01-24
Nmap scan report for foo.sbl (192.168.*.*)
Host is up (0.00048s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 10:E7:*:*:*:* (Unknown)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.32 - 3.9 (93%), Linux 3.0 - 3.9 (93%), Linux 2.6.32 - 3.6 (92%), Linux 2.6.32 (90%), Linux 2.6.22 - 2.6.36 (90%), Linux 2.6.39 (90%), Crestron XPanel control system (89%), Netgear DG834G WAP or Western Digital WD TV media player (89%), Linux 2.6.32 - 2.6.35 (88%), Linux 2.6.32 - 3.2 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.47 seconds
Re: Change OS fingerprint.
I don't know why a tool was never created for it!
jlehtone wrote: ↑2019/01/24 14:29:25
> No, he thinks fingerprint obfuscation is a waste of time.
> How did you run the nmap anyway?
> Can you see from that output that the 'snafu' is a CentOS with default firewall zone 'public'?
> Code:
> # nmap -O snafu
> Starting Nmap 6.40 ( http://nmap.org ) at 2019-01-24
> Nmap scan report for foo.sbl (192.168.*.*)
> Host is up (0.00048s latency).
> Not shown: 999 filtered ports
> PORT STATE SERVICE
> 22/tcp open ssh
> MAC Address: 10:E7:*:*:*:* (Unknown)
> Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
> Aggressive OS guesses: Linux 2.6.32 - 3.9 (93%), Linux 3.0 - 3.9 (93%), Linux 2.6.32 - 3.6 (92%), Linux 2.6.32 (90%), Linux 2.6.22 - 2.6.36 (90%), Linux 2.6.39 (90%), Crestron XPanel control system (89%), Netgear DG834G WAP or Western Digital WD TV media player (89%), Linux 2.6.32 - 2.6.35 (88%), Linux 2.6.32 - 3.2 (88%)
> No exact OS matches for host (test conditions non-ideal).
> Network Distance: 1 hop
> OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 9.47 seconds
Nmap tells me:
Code:
$ sudo nmap -O IP
Starting Nmap 6.47 ( http://nmap.org ) at 2019-01-26 13:31 +0330
Nmap scan report for IP (IP)
Host is up (0.00038s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: PBX|storage-misc|WAP
Running (JUST GUESSING): Vodavi embedded (89%), Thecus embedded (87%), Linux 2.6.X (85%)
OS CPE: cpe:/h:vodavi:xts-ip cpe:/h:thecus:n8800pro cpe:/o:linux:linux_kernel:2.6.22
Aggressive OS guesses: Vodavi XTS-IP PBX (89%), Thecus N8800PRO NAS device (87%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (85%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.41 seconds
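
An added example, not part of the original thread: a small Python parser for `nmap -O` reports in the Nmap 6.x format posted above, for checking after a firewall change what a scan of your own host still reveals (open ports, whether a closed port was visible, and how confident the OS guesses are). `summarize_os_scan` and `SAMPLE` are names made up for this example, and the sample text is trimmed from the second scan output in the thread.

```python
import re

# Constructed sample: trimmed from the second scan posted in this thread.
SAMPLE = """\
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Vodavi XTS-IP PBX (89%), Thecus N8800PRO NAS device (87%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (85%)
No exact OS matches for host (test conditions non-ideal).
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
# A guess is "<name> (<pct>%)"; the name itself may contain parentheses.
GUESS_RE = re.compile(r"\s*(.+?) \((\d+)%\)(?:,|$)")


def summarize_os_scan(text):
    """Summarize what one `nmap -O` report reveals about the scanned host."""
    ports = [(int(n), proto, state, svc)
             for n, proto, state, svc in PORT_RE.findall(text)]
    hidden = re.search(r"^Not shown: (\d+) (\S+) ports", text, re.M)
    guesses_line = re.search(r"^Aggressive OS guesses: (.*)$", text, re.M)
    exact = re.search(r"^OS details: (.*)$", text, re.M)
    return {
        "open_ports": [n for n, _, state, _ in ports if state == "open"],
        # Nmap wants one open and one closed port for a reliable match.
        "closed_port_seen": any(state == "closed" for _, _, state, _ in ports),
        "hidden_ports": (int(hidden.group(1)), hidden.group(2)) if hidden else None,
        "unreliable": "OSScan results may be unreliable" in text,
        "exact_match": exact.group(1) if exact else None,
        "guesses": [(name, int(pct)) for name, pct in
                    GUESS_RE.findall(guesses_line.group(1))] if guesses_line else [],
    }


if __name__ == "__main__":
    for key, value in summarize_os_scan(SAMPLE).items():
        print(f"{key}: {value}")
```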