[SunHELP] How can I hide the type of the operating system from scanners?

Joe Pampel joe at ardsley.com
Tue Jul 16 08:30:58 CDT 2002 

Well, the best thing is to put the machine behind a firewall.. ;-)
If that's not an option, you can try some of these:

- do some packet filtering on the router "outside" this host, esp on some of
the "obvious" ports (RPC, Rlogin, portmapper, etc)
- Close all the ports you can on the machine (use lsof to find out what has
them open)  The less there
is to read, the harder it is to accurately ID the OS.
- intall a host based firewall program and nail down what IP's can connect to
which services etc. There are some good
open source ones.
- do some IP stack hardening (won't stop OS ID'ing but will make the host more
robust.. see some ideas on links below.. not all of
these will apply, so if you use any make sure you understand what they are
doing and how it will affect your host.

Links to you started on IP Stack hardening, Solaris hardening etc..:
Rob Thomas' articles: http://www.enteract.com/~robt/Docs/Articles/index.html
Sean Boran's Solaris Hardening Papers, etc.:
http://www.boran.com/security/sp/Solaris_hardening.html

hth

Joe


>>> "Takacs Istvan" <istvan.takacs at hungax.com> 07/16/02 04:47AM >>>
Hi,

Is there a way to hide the type of the operating system?
When I run nmap than it can detect that it's a Solaris 8
operating system;

"Remote operating system guess: Sun Solaris 8
early acces beta through actual release"

Do you have any good trick to hide this information
from netcraft and the scanner programs?
Or should I change something in the IP stack of
the OS if I had the source?

Thanks in advance!

Regards;

		Istvan
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

More information about the SunHELP mailing list