hiding OS from Netcraft ..
Hi everybody !
While surfing Netcraft days ago, I noticed that for some websites/servers OS detection falls short to reveal info .. they write 'unknown' .. eg. : plan9.bell-labs.com ..
* In theory, how can a server bypass nmap -O for instance or Netcraft OS-detection craft ?
* how can I hide my OS ID ..
I also noticed the generic description 'linux' instead of the distro name ..
|
|||
actually bell-labs is running solaris .. but why plan9 is marked unknown os ?
|
|
|||
Thanks Carpetsmoker ! of course I read it .. but that doesn't answer the question
in theory how can I deny nmap or any OS-detection tool to get the identity of my OS .. or at least to mislead it as to obtain wrong or more generic ID .. unix/linux/ .. sorry for this newb question ..
I remember an option in konqueror which prevents/allows browser identification -plus at will OS detection- .. I am also thinking of that famous old livecd called AnonymOS .. I wonder if the anonymity it offers is both at the level of data packets and also -equally important- at the level of OS identity .. keeping my OS id anonymous is sth I'd love to achieve ..
|
|||
Quote:
The Nmap book has a section on OS detection:

http://nmap.org/book/osdetect-guess.html

...however, I will concur that it does not spell out the algorithms used in any detail. In many ways, the Nmap crowd doesn't want this to be widely known as OS developers will then modify their network stacks to return different results. Ultimately, if you want a definitive answer, you will need to study the source code yourself.

Nevertheless, your question raises another in return. Why is it important to obscure what operating system you are running? In reading OpenBSD's mailing lists, there hasn't been that much discussion in over ten years:

http://marc.info/?l=openbsd-misc&w=2...erprinting&q=b

In general, believing that one can have security through obscurity is not an accepted best security practice.
|
|||
Hi Ocicat !
I must thank you for your enlightening point .. security through obscurity in certain ways is an obligation .. not for fear of being attacked but of being *noticed* then *identified* if for instance you are the only one using a particular OS around in some small area where privacy has been redefined as 'cyber Mega Sin' ! so here being *UFO* is a sec-measure ..
Quote:
then a total mastery of c/lua/ is involved here .. :-) the Q appertains only to the likes of us on personal workstations and private servers .. big servers on the other hand would not consider such anonymity ..
Last edited by daemonfowl; 17th February 2012 at 11:52 PM.
|
|||
Quote:
What you will find the OpenBSD project developers advocating is understanding what packets are going through your firewall, & tightening the rules such that only the traffic you want gets through in either direction.

Focusing on firewall rules offers more tangible results. Trying to out-smart the ever-evolving murky heuristics used by the bad guys who will never divulge what they are doing will only put you/me/anyone into a constant game of cats chasing mice. And the bad guys aren't going to stand still -- at least not the really good ones.

While I will grant you that fingerprinting is a curious subject, & there are a number of books which chronicle publicized exploits, understanding fingerprinting at a deeper level also will take significant time, research, sophistication, & experience.
Quote:
Quote:
Last edited by ocicat; 18th February 2012 at 12:21 AM.
|
|||
Quote:
Think BSD = Think Correctly
I still wonder why some servers appear as anonymous OSes on Netcraft ..
Last edited by daemonfowl; 18th February 2012 at 12:56 AM.
|
|||
As I recall, you have mentioned wanting/using tor in some other thread. While on the subject/myth of "security through obscurity", it is worth some mention that the tor servers were hacked some time back:

http://www.wired.com/politics/securi...urrentPage=all

...so to feel that this is a failsafe security measure, it isn't. In fact, you won't find the OpenBSD project developers to be real fans of the technology either.
|
|||
Ocicat, that's interesting to hear ! and thank you for the informative link !
Actually the OpenBSD Team warns against relying much on tor for anonymity, as is obvious from the boot message at the end .. there is even a recurring notice about libident stable and another version mismatch which may cause tor to crash ..
Maybe you'd suggest some other caching tool I must be using instead .. squid for instance ?? I'd be happy to learn about something new and more secure to use ..
Last edited by daemonfowl; 18th February 2012 at 04:55 AM.
|
|||
daemonfowl, you're "sth"'ing again...
Quote:
|
|
|||
Corrected .. bad habits need time to unlearn lol ..
Thanks Ocicat !