Zer0Light Posted February 4, 2010 Share Posted February 4, 2010 How can I fool scans such as nmap for services that don't exist and/or opened/closed ports ? Quote Link to comment Share on other sites More sharing options...
Sparda Posted February 4, 2010 Share Posted February 4, 2010 Honey pot? netcat? Quote Link to comment Share on other sites More sharing options...
Zer0Light Posted February 4, 2010 Author Share Posted February 4, 2010 Honey Pot ? ... I don't want a hardware customatization to achieve this.I want when somebody tries to scan me to have false positives like port 40 is open (actually closed) running Apple MAC (running Windows Vista/7/XP/2003 actually) ... Any ideas ? Quote Link to comment Share on other sites More sharing options...
Sparda Posted February 4, 2010 Share Posted February 4, 2010 It's kind of hard to deceive service and version detection as it's often based on timing and quirks in kernels. You could (for example) run Apache but modify it to produce false headers, but if you aren't running a service at all it's kind of tricky. I suppose you could run a fake service, but any thing could be running on port 40 as it doesn't appear to have a dedicated use, so the scanner wouldn't know what to look for. What would be the purpose of 'disguising' your operating system? Quote Link to comment Share on other sites More sharing options...
Netshroud Posted February 4, 2010 Share Posted February 4, 2010 Look up OSfucate, I think Hak5 did it in the middle of season 5. Quote Link to comment Share on other sites More sharing options...
H@L0_F00 Posted February 5, 2010 Share Posted February 5, 2010 OSfuscate by Irongeek Quote Link to comment Share on other sites More sharing options...
shonen Posted February 5, 2010 Share Posted February 5, 2010 Osfuscate was a funky lil tweak. Was playing around with a while back and had my XP laptop showing it was a PS2. =D I also recall reading that even with that reg hack masking your o.s it can still be detected if you were to monitor packets with wire shark or something. From memory this had something to do with the way windows handles DHCP requests. The fix was to statically assign IP addresses to windows clients. Pretty sure this is mentioned on iron geeks site. Sparda's suggestion would be the better way to go in my opinion. You can emulate a bunch of open ports/services, have more virtual clients with a TCP/IP and also send fake network traffic so your honey pot looks a little more legit than just having open ports. Quote Link to comment Share on other sites More sharing options...
Dаrren Kitchen Posted February 24, 2010 Share Posted February 24, 2010 A sticky tar pit like LaBrea is also fun: http://labrea.sourceforge.net/labrea-info.html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.