On Fri, 2003-08-08 at 15:27, Charles Steinkuehler wrote:
> Jay Langford wrote:
> > Thanks Charles,
> >
> > I am going to check out Nessus as per Sean's suggestion...
>
> I think you'll be happier with the Nessus results. Nmap is also good
> for raw port-scanning.

Nessus uses Nmap for its port scanner.

> > Do you know if it is possible to change the ping results to make it look
> > like it's a Windows box?
> >
> > ICMP code in response <> 0 => Unix box
> >
> > If so would there be any side effects of doing this?
>
> ??? I'm confused.
>
> A ping (echo request, ICMP message type 8) should always be answered
> with an echo reply (ICMP message type 0).
>
> I don't think even Microsoft's TCP/IP stack has managed to screw this up.
>
> Also, all ICMP echo request/reply messages should have a message code of
> 0 (although some vendors co-opt the message code for specific services).
>
> Do you have a packet dump of the offending ping traffic?

What would be the point of this? To hide your Linux box? There are many other ways to fingerprint a box: responses to ping, deny/reject responses, IP ID field sequences, service responses.

Just knowing a box is a Linux box doesn't really help you break in. Knowing (or hiding) that a box is running IIS doesn't help you that much either. Sure, it narrows the number of exploits you have to try, but the attacks are scripted, so who cares how long it takes or how many exploits are tried.

Nessus has a setting so it will make assumptions based on its fingerprint findings. It scans faster that way. BUT, it misses stuff too. Better turn that one off.

I had a point when I started this...

Sean

-------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
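An added example, not from this thread, showing what Charles describes: an ICMP echo reply is type 0 with code 0, and the checksum is the RFC 792 one's complement over the whole message. The code builds constructed ICMP messages (no captured traffic), verifies the checksum, and flags the oddity Jay mentions, an echo reply carrying a non-zero code; the function names are my own.

```python
import struct

ICMP_ECHO_REQUEST = 8  # type 8: echo request
ICMP_ECHO_REPLY = 0    # type 0: echo reply


def icmp_checksum(data: bytes) -> int:
    """RFC 792 one's-complement sum over the ICMP header and payload."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length messages for 16-bit summing
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(msg_type: int, code: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo message with a correct checksum."""
    header = struct.pack("!BBHHH", msg_type, code, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, code, csum, ident, seq) + payload


def classify_echo_reply(packet: bytes) -> dict:
    """Parse an ICMP message and report whether it is a well-formed echo reply.

    Findings cover a bad checksum, a message that is not an echo reply at all,
    and the case from the thread: an echo reply whose code is not 0.
    """
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    msg_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    # Recompute the checksum with the checksum field zeroed, as the sender did.
    zeroed = packet[:2] + b"\x00\x00" + packet[4:]
    checksum_ok = icmp_checksum(zeroed) == csum
    findings = []
    if not checksum_ok:
        findings.append("bad checksum")
    if msg_type != ICMP_ECHO_REPLY:
        findings.append("not an echo reply (type %d)" % msg_type)
    elif code != 0:
        findings.append("echo reply with non-zero code %d" % code)
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": checksum_ok, "findings": findings}


if __name__ == "__main__":
    reply = build_icmp(ICMP_ECHO_REPLY, 0, 0x1234, 1, b"abcdefgh")
    print(classify_echo_reply(reply))
```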