Protection against Fingerprinting
I've ask already about it on other forum dedicated to freebsd. I decided to ask here also.
Recently I have read many tutorials about passive methods of detection kinds of systems and theirs number behind NAT. It depends on sniffing headers of TCP/IP packets (ttl, window size, tcp stack in general)
As I know NAT only changes source/destination addresses and ports in TCP/IP packet. Rest of packet is the same as it was made by system.
Is there possible to configure openbsd or other system (which works as a router)to make out going packets look the same? I mean to re-write packets' TCP stack to make them look like they are from one machine, hide specific points of tcp/ip stack and make difficult to discover/guess number of computers behind NAT?
|