On Sat, 27 May 2000, Russell Ross wrote:
> I apologize if this is a bit off topic, but is it possible to stop OS's (NT
> & Solaris) from responding to probes (ISS and Nmap) with their version and
> patch level?
Nmap's OS fingerprinting code looks at the IP stack's response to packets
it sends, so without modifying the IP stack on the host or the packets as
they traverse a transparent gateway, you're not going to get very far.
Hopefully the only ports you have exposed are those absolutely necessary
to the operation of your business and you've done enough dilligence on
the hosts themselves to be able to sleep most nights.
You should read Fyodor's paper on OS fingerprinting, or the fingerprinting
section of the nmap documentation to better understand what's going on
here. The stack's behaviour is how nmap determines the OS, it's not
like a banner advertisement. Some stacks are easier to fingerprint than
others, just because they behave differently than the norm.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
