
Thread: IP Personality

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    371

    IP Personality

    Hi All,

    Just came across this little tool for the Linux 2.4 kernel, and it sounds pretty good in theory.

    Basically, this patch will fool nmap's OS fingerprinting feature.

    The characteristics that can be changed are:

    - TCP Initial Sequence Number (ISN)
    - TCP initial window size
    - TCP options (their types, values and order in the packet)
    - IP ID numbers
    - answers to some pathological TCP packets
    - answers to some UDP packets

    How can a hacker compromise what he thinks is a Win2K machine and launch his attack based on Win2K vulnerabilities, when in reality, it is a Linux machine?

    I know that this wouldn't replace any other security tools like firewalls and antivirus, and it could be considered to some extent "Security by Obscurity", but I think that it could be a nice inclusion to your system's overall "Security Suite".

    Check it out at:

    http://ippersonality.sourceforge.net/
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
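The header fields listed in the first post, read out of a captured SYN-ACK so an administrator can compare what a host exposes before and after such a patch. This is an added example, not part of the thread or of the IP Personality project; the function names and both sample packets are constructed for illustration.

```python
import struct

OPT_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WSCALE", 4: "SACK_PERM", 8: "TIMESTAMP"}

def parse_tcp_options(raw: bytes) -> list:
    """Return (name, value_bytes) pairs in wire order."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind in (0, 1):  # EOL and NOP are single bytes
            length = 1
        elif i + 1 < len(raw) and 2 <= raw[i + 1] <= len(raw) - i:
            length = raw[i + 1]
        else:
            raise ValueError("malformed TCP option")
        opts.append((OPT_NAMES.get(kind, f"KIND_{kind}"), raw[i + 2:i + length]))
        if kind == 0:
            break
        i += length
    return opts

def stack_features(packet: bytes) -> dict:
    """Pull the fields named in the post out of one IPv4/TCP packet."""
    if len(packet) < 40 or (packet[0] >> 4) != 4 or (packet[0] & 0x0F) < 5 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = packet[(packet[0] & 0x0F) * 4:]
    data_off = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= data_off <= len(tcp):
        raise ValueError("truncated or malformed TCP header")
    return {
        "ip_id": struct.unpack("!H", packet[4:6])[0], "isn": struct.unpack("!I", tcp[4:8])[0],
        "window": struct.unpack("!H", tcp[14:16])[0], "options": parse_tcp_options(tcp[20:data_off]),
    }

def changed_fields(a: dict, b: dict) -> list:
    # ISN and IP ID change per packet; judging them takes several samples.
    return [k for k in ("window", "options") if a[k] != b[k]]

def build_sample(ip_id: int, isn: int, window: int, opts: bytes) -> bytes:
    """Constructed SYN-ACK: zero checksums, TEST-NET-1 addresses."""
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, isn, 1,
                      (5 + len(opts) // 4) << 4, 0x12, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

# Constructed values, not any real operating system's signature.
BEFORE = build_sample(0x1A2B, 0x11223344, 5840,
                      bytes.fromhex("020405b40402080a000000010000000001030307"))
AFTER = build_sample(0x0001, 0x55667788, 64240, bytes.fromhex("020405b401010402"))
```

`changed_fields(stack_features(BEFORE), stack_features(AFTER))` reports which single-packet fields differ between the two captures.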

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    110
    Hi

    I guess this might be handy for honeypots.

    I'll check out the link later. Thanks.

    regards,
    mark.
    'hi, welcome to *****. if you would like to speak to an operator, please hang up now.'
    * click *

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Changing your OS fingerprint is only useful if you don't run any services which reveal the OS identity.

    Many services *do* reveal what OS you're running, in which case changing the fingerprint is useless.

    The other thing is, TCP fingerprinting isn't *that* reliable anyway - load balancing, NAT firewalls etc. often skew the results.

    The other item is, if there are no open TCP ports on a host, it cannot be reliably fingerprinted anyway.

  4. #4
    er0k
    Guest
    Well.. those IP personalities can mask services you are running as well, as I have heard at least. I read an article some time back that would change your service names to stuff that doesn't look normal. I'll try to get the source again but if I don't, just don't listen to me.. good thread..

    edit >> not the same source, but close: http://216.239.39.100/search?q=cache...hl=en&ie=UTF-8

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    689
    This is a funny thing. We had a discussion concerning this on another forum. Apparently a member found a way to disguise his Red Hat webserver as Solaris 8 using IP Personality. He also used a program called jiffies to effectively fool the Netcraft webserver survey. Finally he changed the source of Apache to something different too.
    Here is a link to that discussion http://forum.****microsoft.com/cgi-b...c&f=5&t=001343

    Here is a link to his site.
    http://voidmain.kicks-ass.net/aboutuptime.html
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19
