LinuxQuestions.org
Old 06-11-2005, 01:47 AM   #1
primo
Question mangling ICMP TOS


Hi!

Is it possible to mangle the TOS used by Linux for ICMP Destination Unreachable?

I tried both these commands on a Redhat 9 (with 2.4.20) & Mandrake 10.1 (with 2.6.8):
# iptables -t mangle -I OUTPUT -p icmp -j TOS --set-tos 00
# iptables -t mangle -I POSTROUTING -p icmp -j TOS --set-tos 00

I even tried all chains in the mangle table and "-p all", but the 0xc0 TOS in Mandrake wasn't changed nor the 0x00 used by the Redhat box (which is strange because I thought that every Linux uses 0xc0 -- hey, on Redhat I tried --set-tos 0x10)

I'm just trying to make OS fingerprinting harder.

Is it possible with netfilter?

Is there another way?

Thanks in advance...

Last edited by primo; 06-11-2005 at 01:02 PM.
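
A way to check whether a mangle rule actually changed the TOS byte on ICMP errors, as an added example that is not part of the original post. It parses raw IPv4 packets and lists ICMP error messages whose TOS still differs from the value the rule was meant to set; the function names and the sample packets are constructed for illustration.

```python
import struct

def build_ipv4_icmp(tos, icmp_type, icmp_code):
    """Build a constructed 28-byte IPv4+ICMP packet (checksums left at zero)."""
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + icmp

# Destination unreachable, source quench, redirect, time exceeded, parameter problem
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def icmp_tos_report(packet):
    """Return TOS details for a raw IPv4 ICMP packet, or None if it is not one."""
    if len(packet) < 20:
        return None
    ver_ihl, tos, _len, _id, _frag, _ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1 or len(packet) < ihl + 2:
        return None
    icmp_type = packet[ihl]
    return {
        "tos": tos,
        "precedence": tos >> 5,         # top three bits; 0xc0 gives 6
        "tos_bits": (tos >> 1) & 0x0F,  # RFC 1349 TOS field; 0x10 gives 8
        "icmp_type": icmp_type,
        "icmp_code": packet[ihl + 1],
        "is_error": icmp_type in ICMP_ERROR_TYPES,
    }

def unmangled_errors(packets, wanted_tos=0x00):
    """Indexes of ICMP error packets whose TOS differs from the value the rule should set."""
    hits = []
    for i, pkt in enumerate(packets):
        rep = icmp_tos_report(pkt)
        if rep and rep["is_error"] and rep["tos"] != wanted_tos:
            hits.append(i)
    return hits

# Constructed samples: port unreachable with TOS 0xc0, echo reply, host unreachable with TOS 0x00
SAMPLES = [build_ipv4_icmp(0xC0, 3, 3), build_ipv4_icmp(0x00, 0, 0), build_ipv4_icmp(0x00, 3, 1)]

if __name__ == "__main__":
    for i in unmangled_errors(SAMPLES):
        r = icmp_tos_report(SAMPLES[i])
        print(f"packet {i}: ICMP type {r['icmp_type']} code {r['icmp_code']} "
              f"still has TOS 0x{r['tos']:02x} (precedence {r['precedence']})")
```

The same byte appears as `tos 0xc0` in the verbose output of `tcpdump -v`.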
 
Old 06-11-2005, 09:42 AM   #2
javaroast
OS Fingerprinting

You'll have to do more than mangle ICMP to defeat NMAP's fingerprinting, as it uses a variety of techniques to fingerprint the OS. If you are running a 2.4 kernel, the simplest way to do it is to compile with http://ippersonality.sourceforge.net/. If you are running BIND, you'll also want to make sure you change the banner that announces your OS. The same goes for some FTP daemons.
 
Old 06-15-2005, 03:02 AM   #3
primo
Original Poster
Quote:
"You'll have to do more than mangle icmp to defeat NMAP's fingerprinting as it uses a variety of techniques to fingerprint the OS."
Well, I've done that nmap homework. It's no scare, the real thing:
http://gemal.dk/browserspy/

Maybe I'll create a special forum for discussing anti-OS-fingerprinting techniques.

Last edited by primo; 06-15-2005 at 03:10 AM.
 
Old 06-15-2005, 03:21 AM   #4
javaroast
Browser Spy

The easiest way to defeat browserspy is not clicking on the links. Seriously, that link has nothing to do with OS fingerprinting.
 
Old 06-16-2005, 06:04 PM   #5
primo
Original Poster
Quote:
The easiest way to defeat browserspy is not clicking on the links.
Perhaps an LKM which restricts the uname syscall to certain processes. I will try this one.

Quote:
Seriously that link has nothing to do with OS fingerprinting.
Well, there's TCP/IP OS fingerprinting (whether passive or active) and generic OS fingerprinting...

(call it OS obscurity, whatever...)

I started this thread for help in mangling the TOS for ICMP errors & replies...

Is it possible?
 
  

