As you know, when we actually ping a machine, there's the TTL there. If you have 128, that means you have Windows running, and if you have 64, that's basically Linux. Is there any way I can edit these? It's a good way to mislead attackers, right?
Get a firewall that drops pings or doesn't respond to them, then they won't know if you're there or not. It's kinda security by obscurity, unless you actually configure the firewall correctly, then it's good. I don't know how to edit the response though.
In Windows 9x, you can modify it by navigating to HKLM\System\CurrentControlSet\Services\VxD\MSTCP and modifying the DefaultTTL value. In Windows NT/2000/XP, you will have to create a new DWORD Value in HKLM\System\CurrentControlSet\Services\Tcpip\Parameters. The value name will be: DefaultTTL, Data Type: REG_DWORD (DWORD Value), and Value Data: 1-255 hops. I think in Linux it may be ping -t ttl but I'm not positive. Hope this helps a little.
If you're not comfortable with manually editing your registry, you could download Dr. TCP from dslreports.com. It's a small tool that edits some registry settings (TTL, MTU, TCPR,...).
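The TTL heuristic from the question, and what changing DefaultTTL does to it, as an added example that is not from any poster in this thread. The sample reply lines are constructed, and the 255 bucket is an assumption beyond the 128/64 values mentioned above.

```python
import re

# Common initial TTLs. 128 (Windows) and 64 (Linux) are from the thread;
# 255 is an assumption added here for hosts that start at the maximum.
INITIAL_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "other (max TTL)"}

# Matches "TTL=128" (Windows ping) and "ttl=64" (Linux ping).
TTL_RE = re.compile(r"\bttl=(\d{1,3})\b", re.IGNORECASE)


def parse_ttl(line):
    """Return the TTL in one ping reply line, or None if absent/invalid."""
    m = TTL_RE.search(line)
    if not m:
        return None
    ttl = int(m.group(1))
    return ttl if 1 <= ttl <= 255 else None


def guess_from_ttl(observed):
    """Guess (initial_ttl, hops, os_label) from an observed reply TTL.

    Each router decrements the TTL by one, so the initial value is taken
    to be the smallest common default that is >= the observed value.
    """
    for initial in sorted(INITIAL_TTLS):
        if observed <= initial:
            return initial, initial - observed, INITIAL_TTLS[initial]
    raise ValueError("TTL out of range")


def classify(lines):
    """Guess for every line that carries a TTL; other lines are skipped."""
    ttls = (parse_ttl(line) for line in lines)
    return [(t,) + guess_from_ttl(t) for t in ttls if t is not None]


# Constructed sample replies (addresses from the documentation range).
SAMPLE = [
    "Reply from 192.0.2.10: bytes=32 time=12ms TTL=117",         # Windows default
    "64 bytes from 192.0.2.20: icmp_seq=1 ttl=53 time=14.2 ms",  # Linux default
    "Reply from 192.0.2.30: bytes=32 time=12ms TTL=53",          # Windows, DefaultTTL=64
    "Request timed out.",                                        # echo dropped by firewall
]

if __name__ == "__main__":
    for ttl, initial, hops, label in classify(SAMPLE):
        print(f"ttl={ttl:3d} -> initial {initial}, ~{hops} hops, guess: {label}")
```

The third sample line is a Windows host whose DefaultTTL was set to 64: the TTL-based guess flips to Linux, while the fourth line (dropped echo requests) gives the heuristic nothing to work with.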
That is what I do.
Quote:
Originally posted here by h3r3tic
Get a firewall that drops pings or doesn't respond to them, then they won't know if you're there or not. It's kinda security by obscurity, unless you actually configure the firewall correctly, then it's good. I don't know how to edit the response though.
I allow it internal on my LAN/WAN but deny it from the internet.
Not to hijack your thread, but is there any real reason to allow replies?
(other than troubleshooting connectivity)
I drop ICMP but send keepalives to my ISP so they don't release/renew my public dynamic IP until I request it.
There are lots of sites/people now dropping ICMP (including AO) and they all still function fine.