
OS stealth

Posted: Tue Jan 21, 2003 10:53 pm
by amadei
Hey guys.

I was just playing with nmap 3.0 and noticed that it can predict what my GRSecurity protected machines are running for an OS again.

It was my understanding that GRSec randomized all the factors used to profile an OS... any idea how nmap is figuring out the OS?

Posted: Wed Jan 22, 2003 12:05 am
by spender
grsec randomizes the IP ID, RPC XID, source ports, etc. for other reasons than evading OS detection. If you're using the stealth module (or have your default iptables rule set to drop) nmap shouldn't be able to detect the OS (I've tested with 3.0 as well). I think there is a certain scan that can detect the machine is Linux, though. If you really want to hide from those scans, there's a netfilter module called ippersonality that you may want to check out.

-Brad