Anti-Scan

[Zer0Light]

How can I fool scans such as nmap for services that don't exist and/or opened/closed ports ?

[Sparda]

Honey pot? netcat?

[Zer0Light]

Honey Pot ? ... I don't want a hardware customatization to achieve this.I want when somebody tries to scan me to have false positives like port 40 is open (actually closed) running Apple MAC (running Windows Vista/7/XP/2003 actually) ... Any ideas ?

[Sparda]

It's kind of hard to deceive service and version detection as it's often based on timing and quirks in kernels. You could (for example) run Apache but modify it to produce false headers, but if you aren't running a service at all it's kind of tricky. I suppose you could run a fake service, but any thing could be running on port 40 as it doesn't appear to have a dedicated use, so the scanner wouldn't know what to look for.

What would be the purpose of 'disguising' your operating system?

[Netshroud]

Look up OSfucate, I think Hak5 did it in the middle of season 5.

[H@L0_F00]

OSfuscate by Irongeek

[shonen]

Osfuscate was a funky lil tweak. Was playing around with a while back and had my XP laptop showing it was a PS2. =D

I also recall reading that even with that reg hack masking your o.s it can still be detected if you were to monitor packets with wire shark or something. From memory this had something to do with the way windows handles DHCP requests.

The fix was to statically assign IP addresses to windows clients. Pretty sure this is mentioned on iron geeks site.

Sparda's suggestion would be the better way to go in my opinion. You can emulate a bunch of open ports/services, have more virtual clients with a TCP/IP and also send fake network traffic so your honey pot looks a little more legit than just having open ports.

[Dаrren Kitchen]

A sticky tar pit like LaBrea is also fun:

http://labrea.sourceforge.net/labrea-info.html