From: Philippe Bogaerts (xxradar@radarhack.com)
Date: Tue Sep 04 2007 - 14:45:06 EDT
Hi,
Some (expensive) commercial firewalls have some protection mechanisms in
place.
In general, a statefull firewall, will stop a bunch of NMAP probes as well
as most ICMP tricks.
Some firewalls have SYN, IP TLL and ID randomization features on board.
Regards
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Gadi Evron
Sent: Sunday, September 02, 2007 11:04 PM
To: Ofer Shezaf
Cc: Attari Attari; pen-test@securityfocus.com;
pen-test-return-1078485025@securityfocus.com
Subject: RE: Block OS Detection
On Sun, 2 Sep 2007, Ofer Shezaf wrote:
> Reverse proxy? So at least for web servers you have a simple solution.
> You might be able to reverse proxy few other protocols.
>
> ~ Ofer Shezaf
Overwriting values is not going to stop many of the different detection
methods. As mentioned - just one thingie.
Me? I just change banners.
>
>> -----Original Message-----
>> From: listbounce@securityfocus.com
>> [mailto:listbounce@securityfocus.com] On Behalf Of Gadi Evron
>> Sent: Saturday, September 01, 2007 11:08 AM
>> To: Attari Attari
>> Cc: pen-test@securityfocus.com; pen-test-return-
>> 1078485025@securityfocus.com
>> Subject: Re: Block OS Detection
>>
>> Not everything is good, but you can overwrite different packet values
>> using.. a firewall for example.
>>
>> Just one thingie.
>>
>>
>> On Fri, 31 Aug 2007, Attari Attari wrote:
>>
>>> Hello All:
>>>
>>> Is there a PRACTICAL solution from PRODUCTION
>>> environments that can be used to block OS detection
>>> from tools like NMAP? I googled and read some notes
>>> but couldn't find a real world solution to blocking
>>> Windows & Linux OS detection.
>>>
>>> I'm quite sure I'll get the right inputs here.
>>>
>>> Thank you.
>>>
>>> Attari
>>>
>>>
>>> Unlimited freedom, unlimited storage. Get it now, on
>> http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/
>>>
>>>
> ---------------------------------------------------------------------
>> ---
>>> This list is sponsored by: Cenzic
>>>
>>> Need to secure your web apps NOW?
>>> Cenzic finds more, "real" vulnerabilities fast.
>>> Click to try it, buy it or download a solution FREE today!
>>>
>>> http://www.cenzic.com/downloads
>>>
> ---------------------------------------------------------------------
>> ---
>>>
>>
>>
> -----------------------------------------------------------------------
>> -
>> This list is sponsored by: Cenzic
>>
>> Need to secure your web apps NOW?
>> Cenzic finds more, "real" vulnerabilities fast.
>> Click to try it, buy it or download a solution FREE today!
>>
>> http://www.cenzic.com/downloads
>>
> -----------------------------------------------------------------------
>> -
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:05 EDT