|
-
July 23rd, 2007, 09:09 PM
#1
Security Cloak : How To Fool Passive Os Scanner
Security Cloak is designed to protect against TCP/IP stack fingerprinting and computer identification/information leakage via timestamp and window options by modifying relevant registry keys. The settings used are based on the results of SYN packet analysis by p0f. While the OS reported by other OS detection scanners were not identical to those of p0f, testing against Nmap, xprobe2, queso and cheops showed that they were unable to identify the correct operating system/version after Security Cloak settings had been applied.
" http://www.linuxhaxor.net/2007/07/23...ve-os-scanner/ "
pavs
Last edited by pavs; July 24th, 2007 at 01:48 AM.
-
July 24th, 2007, 04:37 AM
#2
Is this odd or is this just me? joining multiple forums and within days posting the same thing?
http://www.rohitab.com/discuss/index...howtopic=26051
-
July 24th, 2007, 07:46 AM
#3
It is you metguru,
pavs has posted 3 times in 5 years?
I have downloaded the stuff and will try it out............. 
It is a mirrored labrat, so I really don't care 
-
July 24th, 2007, 01:44 PM
#4
TBH I don't think OS fingerprinting is accurate enough to warrant deploying something to defend against it. From experience I have found Xprobe to be the most reliable and Nmap to be one of the most unreliable (I still have an unpatched XP box that Nmap insists is 2000 sp 3), but even xprobe is only reliable 60 - 70 % of the time and unless you have used it regularly it can be hard to know which xprobe result to chose as it is not always the first choice.
If a target is running a web server then you are likely to be around 90% accurate using httprint or similar but other than that it is a guessing game with an element of look involved.
They can all obviously tell a Windows box from a Linux box, but when it comes to the different flavours of the OS they are mostly found wanting.
-
July 24th, 2007, 11:58 PM
#5
Metguru--> yes it is kinda odd I guess. I am been a member of antinonline for years and been following this forum for just as long. But only now I am posting something, because I am trying to promote my site, if you don't like it I can understand that, but I don't think there is anything wrong with promoting your site as long as it has good content in it.
Nokia--> there is two kinds of finger printing (apart from being active and passive); there is fingerprinting that us mortals do and there is fingerprinting that site's like netcraft does.
Good luck with fingerprinting google.com with their exact version of server/OS, and with 90% of the time with extreme accuracy.
" http://toolbar.netcraft.com/site_rep...www.google.com "
It's only hack like this (actually you need more than security cloak to achieve what ebuyer.com has achieved, which needs a discussion of it's own) that makes it possible to fool scanner like netcraft:
ie,
" http://toolbar.netcraft.com/site_rep...www.ebuyer.com "
Cheers,
pavs
-
July 25th, 2007, 12:23 AM
#6
 Originally Posted by pavs
Metguru--> yes it is kinda odd I guess. I am been a member of antinonline for years and been following this forum for just as long. But only now I am posting something, because I am trying to promote my site, if you don't like it I can understand that, but I don't think there is anything wrong with promoting your site as long as it has good content in it.
Hey, its all good, im not tryin to start anything, I just noticed it and thought it would be good to bring up.
-
July 26th, 2007, 06:01 PM
#7
My article got mentioned in the first page of hackszine.
http://hackszine.com/
Cheers,
pavs
-
July 26th, 2007, 07:58 PM
#8
Heh, it would be kinda neat if you could dynamically cloak your fingerprint to match the persons that is looking....That would make em think a little bit.
I believe in making the world safe for our children, but not our children’s children, because I don’t think children should be having sex. -- Jack Handey
-
July 26th, 2007, 09:00 PM
#9
Huh?
My article got mentioned in the first page of hackszine.
Hey kid, I posted it to every page of my roll of toilet tissue..............
"hackszine"............. ah!.......... way too intellectual for people here 
-
July 27th, 2007, 11:02 AM
#10
Originally Posted by nihil
Huh?
Hey kid, I posted it to every page of my roll of toilet tissue..............
"hackszine"............. ah!.......... way too intellectual for people here
Hey whatever makes you happy.
Anyways, for anyone interested:
http://www.windowhaxor.net/index.php...nd-error-page/
Using apache modsecurity module to change apache signature and error page customizing stuff.
Cheers,
pavs
Similar Threads
-
By \/IP3R in forum AntiOnline's General Chit Chat
Replies: 16
Last Post: March 7th, 2005, 10:25 PM
-
By Tiger Shark in forum Microsoft Security Discussions
Replies: 5
Last Post: January 14th, 2005, 08:47 PM
-
By SDK in forum Miscellaneous Security Discussions
Replies: 0
Last Post: December 1st, 2004, 12:45 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 7
Last Post: September 12th, 2002, 10:33 PM
-
By Ennis in forum The Security Tutorials Forum
Replies: 3
Last Post: December 1st, 2001, 02:38 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
