Methods for evading Nmap OS Fingerprinting

[neel]

If you just secure your network or you computer good, with a nice firewall or router or whatever, you come far enough to fake a different os. Some while back I had a gentoo box. Nmap identified it as a cisco router.

[bluebeard96]

I think we'd all agree that a system can't be 100% secure, just as its identity cannot be 100% hidden. Doing a "pretty good job" is a lot better than doing NO job of obscuring the true identity. Is there someone that will dig deeper to successfully fingerprint your system? Sure. Are you gonna fool a lot of newbies that won't have what it takes to dig deeper? Yep.

Bottom line is that this is one of a multitude of things you should be doing to protect your system. Heck, the 1st sentence in the link I posted states this...

The purpose of this paper is to try to enumate and briefly describe all applications and technics deployed for defeating Nmap OS Fingerprint, but in any case, security by obscurity is not good approach; it can be a good security measure but please take into account that is more important to have a tight security environment (patches, firewalls, ids, ...) than hiding your OS.

[ponga]

I believe a paraphrase of an old quote to nations can be of help in this matter, as I believe it holds merit for other entities and individuals as a guide for allocation of resources; that is, when security is valued over liberty, one will have neither.

[daxmax]

Just to add to the Convo this doc is specifically for the *Nix flavor of servers, nonetheless, you can hide your identity (somewhat) on M$ with tools like ServerMask or by directly modifying one of the Servers DLL (can't remember the name of it at the moment).

http://www.port80software.com/suppor...rwebserver.asp

They also right a half decent article on what to look out for if you want your server to be more "generic".