fool OS fingerprinting

Discuss and suggest new grsecurity features

fool OS fingerprinting

Postby CleeK » Wed Aug 21, 2002 5:36 am

I would like to have a feature in grsecurity to fool OS fingerprint requests of tools like nmap -O. Is it out of the topic of grsecurity ?

Sthg else : is it possible to make grsecurity invisible on a patched system ? I would like to use grsecurity, but I don't want that someone knows it is a "grsecurityzed" kernel. The first thing is to remove the EXTRAVERSION '-grsec' , but a user can look for a file like /proc/sys/kernel/grsecurity/acl. Any ideas ?
CleeK
 
Posts: 2
Joined: Wed Aug 21, 2002 5:29 am

Postby spender » Wed Aug 21, 2002 9:20 am

the stealth netfilter module for grsecurity will fool nmap -O.

As for making grsecurity invisible, you're on your own with that one. Unlike some other systems out there, grsecurity is written to be effective even if the attacker knows everything about the system.

If you're using the acl system, /proc/sys/kernel/grsecurity can be hidden with a single rule.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity development