Jump to content

Anti-Scan


Zer0Light
 Share

Recommended Posts

It's kind of hard to deceive service and version detection as it's often based on timing and quirks in kernels. You could (for example) run Apache but modify it to produce false headers, but if you aren't running a service at all it's kind of tricky. I suppose you could run a fake service, but any thing could be running on port 40 as it doesn't appear to have a dedicated use, so the scanner wouldn't know what to look for.

What would be the purpose of 'disguising' your operating system?

Link to comment
Share on other sites

Osfuscate was a funky lil tweak. Was playing around with a while back and had my XP laptop showing it was a PS2. =D

I also recall reading that even with that reg hack masking your o.s it can still be detected if you were to monitor packets with wire shark or something. From memory this had something to do with the way windows handles DHCP requests.

The fix was to statically assign IP addresses to windows clients. Pretty sure this is mentioned on iron geeks site.

Sparda's suggestion would be the better way to go in my opinion. You can emulate a bunch of open ports/services, have more virtual clients with a TCP/IP and also send fake network traffic so your honey pot looks a little more legit than just having open ports.

Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...