
Thread: Hiding your OS type.

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785

    Hiding your OS type.

    Much has been written about fingerprinting OSs but it's not that easy to find information on how to disguise your server and make it appear as something else. A simple GET /http1.1 yields mucho info.

    Everyone knows there are a ton of ways to fingerprint OSs on the internet, like banner grabbing, stack comparison etc.

    If everyone who edits their machine for this purpose or knows of ways to alter their machine to hide or mask their OS's ID would list one (or more) ways to do this, we'd probably all learn a great deal. I know I will.

    I'll compile a list of tips and post them at the end of this thread as a download, after any activity dies down. They'll be listed according to OS type with credit given (who posted it) for each hint/tip. If there are enough of them maybe we can have it put into the newsletter.


    IIS

    Edit the html error files in C:\WINNT\Help\iisHelp\common. Remove all the help statements and references to the OS.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Very good idea Ted. While I really can't contribute much since I am so new to the Security field, I would benefit from this immensely. So I really appreciate your getting this together. However, if I can think of or find something to post, I will. I would like to contribute where possible. Again, good idea.
    Opinions are like holes - everybody's got 'em.

    Smile

  3. #3
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    The grsecurity patch for the Linux kernel has several features that will prevent fingerprinting based on the TCP/IP stack by introducing randomness.
    Do what you want with the girl, but leave me alone!

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Unfortunately doing what you suggest to IIS will not prevent it from adding its signature to every HTTP response in the Server: header.

    If using the much more flexible Apache web server, the ServerTokens config command can be used to prevent it identifying itself (of course you also have to prevent it identifying itself in error responses, which is done in a similar fashion)

    You can use ServerTokens to have Apache either not identify itself at all (ServerTokens Off) or to provide only limited information (like no OS, version etc)

    Unfortunately if using server-side generation like ASP, PHP etc, these usually give info away as well (if you have any such pages) - so it's necessary to reconfigure them too.

    AFAIK, PHP sends a header "X-Powered-By" with the PHP version and OS in.

    A 3rd party product may be used with IIS to remove its "Server:" headers etc.

    However, even removing all headers will not hide your OS identity in the TCP/IP stack (although this is much less informative and reliable than banners)

    To do this, use a patch like problemchild says.

    Additionally, if you use Microsoft FTP server, you'll find it entirely impossible to prevent it from announcing itself to the world. The only work-around I know is to use a different FTP server product.

    More flexible servers like proftpd can be configured not to announce their identity (Although proftpd is not available for Windows (there are loads for Windows and they're not all crap))
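
An added example, not part of the original post: one way to check a response from your own server for the leaks discussed above (the `Server:` header, PHP's `X-Powered-By`, and the signature in error pages). The two sample responses, the token list and the function names are constructed for illustration.

```python
import re

# Headers the thread names as giving away server software or OS.
# "x-aspnet-version" is an addition here, not mentioned in the thread.
IDENTIFYING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Product or OS tokens, optionally followed by "/version".
TOKEN_RE = re.compile(
    r"\b(Apache|Microsoft-IIS|IIS|PHP|ASP\.NET|Win32|Windows|Unix|Linux)"
    r"(?:/(\d[\w.\-]*))?", re.IGNORECASE)

# Constructed sample: full banner, PHP header, and a signed error page.
VERBOSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/1.3.26 (Unix) PHP/4.2.2\r\n"
    "X-Powered-By: PHP/4.2.2\r\n\r\n"
    "<address>Apache/1.3.26 Server at www.example.com Port 80</address>")
# Constructed sample: banner reduced to the product name, plain error page.
REDUCED = "HTTP/1.1 404 Not Found\r\nServer: Apache\r\n\r\n<h1>Not Found</h1>"


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def audit(raw):
    """Return (where, token, version) findings for one response."""
    _, headers, body = parse_response(raw)
    findings = []
    for name, value in headers:
        if name not in IDENTIFYING_HEADERS:
            continue
        hits = TOKEN_RE.findall(value)
        if not hits:  # banner present but not a known token: report it raw
            findings.append((name, value, ""))
        findings.extend((name, token, ver) for token, ver in hits)
    findings.extend(("body", token, ver) for token, ver in TOKEN_RE.findall(body))
    return findings


if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("reduced", REDUCED)):
        print(label, audit(raw))
```

Findings with a non-empty version, and any finding in `body`, are the ones that header changes alone have not removed.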

  5. #5
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    This article just appeared over at mandrakeforum.com, and it seemed appropriate to this thread. It describes how to force Mozilla to report whatever version/OS you choose.

    http://mandrakeforum.com/article.php?sid=2420&lang=en
    Do what you want with the girl, but leave me alone!

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    366
    I can't contribute either but sure can second wanting to know some tips and tricks. Ever since I came to AO, I have learned some fantastic tips on how to remain secure. Don't want to stop now.

    I will do some searching, and you never know, may find something worthwhile to contribute.

    Thanks in advance for all those that post tips.

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    slarty actually the version info can be removed from the associated .dll file using a hex editor.

    for instance "microsoft ftp service" can be replaced with another string or removed completely by editing ftpsvr2.dll found in winnt\system32\inetserv. the copy of it that is in dllcache must be removed to keep the machine from automatically replacing it and it is highly recommendable that the crc be brought back to what it was before the edit, although not absolutely necessary.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    Hey, Tedob, suggest you check at http://www.wilders.org

    It's a security forum and I'll bet they'd have a bushel of ideas and suggestions. I don't know if you have to join to post. It's safe and worth it though

  9. #9
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Is it really worth it? I mean, if you know enough to hide your OS type, you should know enough to make the machine secure in the first place, don't you think?

    Ammo
    Credit travels up, blame travels down -- The Boss

  10. #10
    Senior Member
    Join Date
    Jul 2002
    Posts
    386

    That's right, Ammo

    Hiding your OS and other info concerning your computer is a good start. You also need a good firewall in place and a program to block referrers, and an antivirus program. Most firewalls today will keep out Trojans and most antivirus software, if kept updated, will catch them.

    The nice thing is, all of the above can be had for free. Check out that wilders site I mentioned. Even if you don't care to sign up, I think you can read the forums. You can pick up a lot.

    While you're at it, check sygate.com and pcflank.com and run the security tests they offer. They'll tell you where you are as far as security goes. There are others out there, too, offering similar tests.
