Subject: Faking/Spoofing nmap's OS reply?
From: elad (hax0r@netvision.net.il)
Date: Mon Aug 21 2000 - 15:21:24 CDT
- Next message: elad: "English Translation - Ok"
- Previous message: Ofir Arkin: "DF Bit Echoing with ICMP"
- Next in thread: Massimo Fubini: "Re: Faking/Spoofing nmap's OS reply?"
- Reply: Massimo Fubini: "Re: Faking/Spoofing nmap's OS reply?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hey-
I'm planning on writing some sort of paper on nmap and some related issues.
Please note that the paper is intended for the newbie-intermediate level so
don't flame or say stuff like ``It's obvious'' etc..
Anyway. I was planning on writing how nmap works (basically), with a small
explanation about the TCP stack. Then move to why you can't 'spoof' your
OS when scanned with nmap. After that maybe add a part about how you can
fake/spoof your OS anyway, but in an inefficient way.
Now I have some questions,
(A) Is rewriting the TCP stack by recompiling the kernel with different
options thus making nmap think you're running OS X instead of OS Y the
only way to really spoof/fake the reply? (notice that I am talking about
spoofing/faking, not making it undetectable)
(B) Will mixing lots of stack options when recompiling the kernel confuse
nmap thus making it reply with something like ``Too many fingerprints'' or
something similar?
(C) Are there any other ways you can think of to spoof/fake the OS reply..?
Also, I had in mind an idea about a dynamic TCP stack of some sort, is it
possible?
By the way, the paper will probably be in Hebrew (I'm making it for a new
security site me and some friends are about to put up), so, you think I
should translate it when it's done (into English)? You think writing this
paper will do any good?
Thank you for your time,
elad <hax0r@netvision.net.il>
PGP Key ID: 0x507CC7CE
Fingerprint: 28E5 2BA8 7A46 A927 4B2F 0888 F106 EDA2 507C C7CE
Unless you're using a Windows based email client, the ASCII is fucked. :/
--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help@insecure.org. List run by ezmlm-idx (www.ezmlm.org).