Disguise a Server

Does anyone know how to disguise your box to look like a Windows Server to nmap (instead of a Linux Server)?
OutOfAmmoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kblack05Commented:
Yeah you can simply use SINFP to change the OS reporting for the TCP Stack:

http://www.gomor.org/cgi-bin/sinfp.pl?mode=view;page=sinfp_description
0
giltjrCommented:
I'm confused.  SINFP seems to be another program like nmap that tries and detects what OS a computer is running.

I don't think you want to change your Linux box to look like a Windows box.  What software does to try and finger print a OS is to look at how the IP stack responds to specific situations.  In order to make your Linux box look like it Windows you would need to change the IP stack code to respond as if it were Windows.  Which means changing the IP source code.
0
slyongCommented:
I agree with what giltjr suggest that you "do not" want to make your Linux boxes look like a Windows boxes and it is probably no way to do that.  There are however, a few ways that I knew from an old article (http://insecure.org/nmap/misc/defeat-nmap-osdetect.html) that you can foil nmap OS fingerprinting.  They are written at the time of 2.2 / 2.4 series of kernels.  I am not sure if there exists anything for kernel 2.6.
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

kblack05Commented:
As posted in your other comment, you tune the OS area of the TCP stack.

http://www.zog.net/Docs/nmap.html
0
kblack05Commented:
This modifies the TCP OS Fingerprint area of the TCP stack, and is not harmful. Many people do this, though it is only going to foil a less experienced attacker. If someone scans your box and it shows up as an atari 2600, it might just urge them to probe deeper, and will not change the vulnerability of the box. You should focus more on security and less on disquise. Here is a great guide to get started:

http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OutOfAmmoAuthor Commented:
Thanks for all of the input.  I posted this question for a friend who was given this assignment by her instructor in a security class with very little explanation, but it sounds as if you are all on the right track with your suggestions.  I will pass this info along to her and try to close out this question or post additional information ASAP.
0
OutOfAmmoAuthor Commented:
My apologies for failing to get back on this.  My friend dropped the issue because her instructor didn't seem to even know the answer and wasn't sure what the results were supposed to be.  Based on what I could glean from the limited information, I think everyone was basically on the correct path.  Because kblack05 posted the most thorough information, I have accepted that as the solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.