Solved

Disguise a Server

Posted on 2007-04-06
Last Modified: 2011-04-14
Does anyone know how to disguise your box to look like a Windows Server to nmap (instead of a Linux Server)?
Question by:OutOfAmmo
7 Comments
 
LVL 11

Expert Comment

by:kblack05
ID: 18879394
Yeah, you can simply use SINFP to change the OS reporting for the TCP stack:

http://www.gomor.org/cgi-bin/sinfp.pl?mode=view;page=sinfp_description
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18879618
I'm confused.  SINFP seems to be another program like nmap that tries to detect what OS a computer is running.

I don't think you want to change your Linux box to look like a Windows box.  What software does to try to fingerprint an OS is to look at how the IP stack responds to specific situations.  In order to make your Linux box look like it is Windows, you would need to change the IP stack code to respond as if it were Windows, which means changing the IP source code.
0
 
LVL 24

Expert Comment

by:slyong
ID: 18881351
I agree with what giltjr suggests, that you "do not" want to make your Linux boxes look like Windows boxes, and there is probably no way to do that.  There are, however, a few ways that I knew from an old article (http://insecure.org/nmap/misc/defeat-nmap-osdetect.html) that you can foil nmap OS fingerprinting.  They were written at the time of the 2.2 / 2.4 series of kernels.  I am not sure if there exists anything for kernel 2.6.
0

 
LVL 11

Expert Comment

by:kblack05
ID: 18883502
As posted in your other comment, you tune the OS area of the TCP stack.

http://www.zog.net/Docs/nmap.html
0
 
LVL 11

Accepted Solution

by:
kblack05 earned 250 total points
ID: 18883515
This modifies the TCP OS Fingerprint area of the TCP stack, and is not harmful. Many people do this, though it is only going to foil a less experienced attacker. If someone scans your box and it shows up as an Atari 2600, it might just urge them to probe deeper, and will not change the vulnerability of the box. You should focus more on security and less on disguise. Here is a great guide to get started:

http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c.html
0
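An added example, not part of the thread and not nmap's own code: a self-check that parses a captured SYN-ACK and lists which stack-dependent fields still contradict the OS a host is meant to resemble, illustrating why a single tuned value only goes so far. The signature values, function names and sample packets are assumptions constructed for illustration; real fingerprinting tools test many more behaviours.

```python
import struct

# Illustrative signatures (assumed values for this example, not nmap's database).
SIGNATURES = {
    "Linux":   {"ttl": 64,  "df": True, "opts": "MSS,SACK,TS,NOP,WS"},
    "Windows": {"ttl": 128, "df": True, "opts": "MSS,NOP,WS,NOP,NOP,SACK"},
}
OPT_NAMES = {2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}

def build_synack(ttl, options):
    """Construct a minimal IPv4+TCP SYN-ACK for testing (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 2,
                      (5 + len(options) // 4) << 4, 0x12, 29200, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000,
                     ttl, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp

def extract_features(pkt):
    """Pull the stack-dependent fields out of a raw IPv4+TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag, ttl = struct.unpack("!HB", pkt[6:9])
    tcp = pkt[ihl:]
    end, i, kinds = (tcp[12] >> 4) * 4, 20, []
    while i < end and tcp[i] != 0:          # kind 0 ends the option list
        if tcp[i] == 1:                     # NOP is a single byte
            kinds.append("NOP")
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2:  # truncated or malformed option
            break
        kinds.append(OPT_NAMES.get(tcp[i], str(tcp[i])))
        i += tcp[i + 1]
    # Hops decrement the TTL, so round up to the nearest common initial value.
    initial = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {"ttl": initial, "df": bool(flags_frag & 0x4000), "opts": ",".join(kinds)}

def leaks(pkt, claimed_os):
    """Return the fields that contradict the OS the host is meant to resemble."""
    seen = extract_features(pkt)
    return sorted(k for k, v in SIGNATURES[claimed_os].items() if seen[k] != v)

# Constructed sample option block in the Linux order: MSS, SACK, TS, NOP, WS.
LINUX_OPTS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + bytes(8)
              + b"\x01" + b"\x03\x03\x07")
PLAIN = build_synack(61, LINUX_OPTS)       # TTL 64 seen three hops away
DISGUISED = build_synack(125, LINUX_OPTS)  # default TTL raised to 128, same path

if __name__ == "__main__":
    print("plain vs Windows:    ", leaks(PLAIN, "Windows"))
    print("disguised vs Windows:", leaks(DISGUISED, "Windows"))
```

With only the TTL changed, the TCP option order still reads as Linux, so the host does not pass as Windows.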
 

Author Comment

by:OutOfAmmo
ID: 18886624
Thanks for all of the input.  I posted this question for a friend who was given this assignment by her instructor in a security class with very little explanation, but it sounds as if you are all on the right track with your suggestions.  I will pass this info along to her and try to close out this question or post additional information ASAP.
0
 

Author Comment

by:OutOfAmmo
ID: 19010569
My apologies for failing to get back on this.  My friend dropped the issue because her instructor didn't seem to even know the answer and wasn't sure what the results were supposed to be.  Based on what I could glean from the limited information, I think everyone was basically on the correct path.  Because kblack05 posted the most thorough information, I have accepted that as the solution.
0
