OS fingerprint spoofing through sysctl; possible/practical?
I've been researching a bit of stack fingerprinting for fun and profit, but have found precious little in the way of stack spoofing tech.
Basically, I'm running nmap against a dummy box and trying to make it look like a bluetooth fridge (for example), as opposed to the slackware box that it actually is. I came across two dead projects (morph & ip personalities) which have not been updated since 2k5 that purported to do this very thing, but I could not get either of 'em to work. There is a windaes version here which I intend to try asap, and possibly steal some of the configs from.

I did however find on here a mention of using sysctl to perform the exact same function, and while it wasn't perfect, it did generate some confusion from nmap. Made sense to me that the projects have been terminated due to a much simpler method of adjusting 'nix stack handling procedures in the form of sysctl.

So the queries:
Anyone used sysctl extensively for this purpose, and have amusing or useful anecdotes to share?
Can nmap's funky fingerprint db be auto converted into human readable form/sysctl quick script?

cheers a a |
Why not run the services chrooted or on a vm?
|
The vm method;
1. I hadn't thought of that, thanks for the alternative.
2. It requires significantly more resources than I have to play with (cyrix p266, 64 meg ram).

The chroot method;
1. I've only used chroot for switching between root directories for os installation cloning and setup, how could it help?

The intended purpose is to make John A. Black-Hat or Jim T. Script-Kidd waste time trying to determine the os and thusly try methods more likely to be detected as anomalous.

Peripherally, the windaes spoofer works remarkably well, nmap hadn't a clue as to what it was looking at. |
This does not carry out any automatic error checking or allow for specified reset, so use with caution.
Code:
#!/bin/bash

Josefsson B, TCP tuning cookbook, SUNET, 2004 [online] Available: http://proj.sunet.se/E2E/tcptune.html [Accessed : 01/03/2010]
Lal Jangir M, Linux Network Stack Administration: A Developer's Approach, Linux For You [online] http://www.linuxforu.com/teach-me/li...-a-developers- approach/[Accessed : 17/03/2010]
Morizot S, Easy Firewall Generator for iptables, 05/11/2005 [online] Available : http://easyfwgen.morizot.net/gen/ [Accessed : 17/03/2010]

If you can't tell, this file works with the original osfuscate profile files, so you'll need a copy of them too. Sadly I only got 58% on this assessment :/ |
I was actually looking for the same thing today. I recently found out that sysctl can do this but I just don't know what parameters accomplish this. If you can, please provide what parameters you used to fool nmap; that would be awesome.
|
Hey allied air,
Is it possible to send me that windows spoofer? I'm really interested. |
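The opening post asks whether nmap's fingerprint db can be converted into a quick sysctl script. The sketch below is an added example, not code from the thread, from nmap or from the osfuscate project. It reads test lines in nmap-os-db syntax and emits the Linux sysctl values for the fields that have one. The fingerprint excerpt is constructed, the function names are hypothetical, and only four sysctls are mapped.

```python
import re

# Constructed excerpt in nmap-os-db test-line syntax; not a real database entry.
SAMPLE = """\
OPS(O1=M5B4NW0NNT11%O2=M5B4NW0NNT11)
WIN(W1=FFFF%W2=FFFF)
T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
"""

def parse_tests(text):
    """Return {test: {field: value}} from lines shaped like NAME(K=V%K=V)."""
    tests = {}
    for name, body in re.findall(r"^(\w+)\((.*)\)$", text, re.M):
        tests[name] = dict(f.split("=", 1) for f in body.split("%") if "=" in f)
    return tests

def first_hex(value):
    """First alternative of a hex value that may be a range (A-B) or a list (A|B)."""
    return int(re.split(r"[|-]", value)[0], 16)

def tcp_options(optstr):
    """Option letters in an OPS value: M=MSS, W=window scale, T=timestamp, S=SACK, N=NOP, L=EOL."""
    return set(re.findall(r"([MWTSNL])[0-9A-F]*", optstr))

def sysctl_plan(tests):
    """Map the fields that have a Linux sysctl; return (plan, unmapped)."""
    opts = tcp_options(tests.get("OPS", {}).get("O1", ""))
    plan = {
        "net.ipv4.tcp_timestamps": int("T" in opts),
        "net.ipv4.tcp_sack": int("S" in opts),
        "net.ipv4.tcp_window_scaling": int("W" in opts),
    }
    tg = tests.get("T1", {}).get("TG")  # nmap's guess at the initial TTL, in hex
    if tg:
        plan["net.ipv4.ip_default_ttl"] = first_hex(tg)
    # Exact window sizes are not set by any of the sysctls above; report them
    # so the gap between the target fingerprint and the result is visible.
    unmapped = {f"WIN.{k}": first_hex(v) for k, v in tests.get("WIN", {}).items() if v}
    return plan, unmapped

def render(plan):
    """sysctl.conf-style lines, sorted for stable output."""
    return [f"{key} = {val}" for key, val in sorted(plan.items())]

if __name__ == "__main__":
    plan, unmapped = sysctl_plan(parse_tests(SAMPLE))
    print("\n".join(render(plan)))
    print("not covered:", unmapped)
```

The unmapped fields show why the sysctl route "wasn't perfect": TCP option order and exact window sizes stay those of the Linux stack, so a scanner sees a mixed fingerprint, not a clean match.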