|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : ilya voronin 2:5099/11.59 22 Nov 2003 01:23:28
To : Aleksey Barabanov
Subject : linux fingerprinting
--------------------------------------------------------------------------------
21 Nov 03 11:56, Aleksey Barabanov wrote to ilya voronin:
>> Последние версии nmap на это не покупаются. Версия Linux всё равно
>> определяется,
>> но вместо времени прошедшего с начала работы ситемы пишет 'w/o
>> tcp_timestamps'.
AB> Предложения ?
http://ippersonality.sourceforge.net/
What is it ? How does it work ?
The Linux IP Personality patch adds to your Linux 2.4 kernel the ability to have
different 'personalities' network wise, that is to change some characteristics
of its network traffic, depending on different parameters (anything you can
specify in an iptables rule: src/dst IP address, TCP or UDP port, etc.)
The characteristics that can be changed are:
* TCP Initial Sequence Number (ISN)
* TCP initial window size
* TCP options (their types, values and order in the packet)
* IP ID numbers
* answers to some pathological TCP packets
* answers to some UDP packets
They are deeply configurable.
This patch relies on the wonderful framework created by Rusty Russel: netfilter.
More precisely, the patch adds a new iptables target (in a kernel module) that
can be used in the mangle table with a (patched) iptables. This target is very
configurable. See the documentation section for more details on how it works.
Why would you need this ?
If you ask this, then you don't. ;-)
The primary objective of this patch is to counter network fingerprinting
techniques, as described in Fyodor's article.
Fyodor is the author of nmap, the famous port scanner that has a powerful remote
OS detection engine. IP Personality can fool current versions of nmap, and is
very configurable, so that it can probably fool any similar tool. The patch
allows one to emulate the behaviour of any system listed in nmap's list of OS
fingerprints. Some of its features can even be applied to routed traffic, and
thus disturb scans directed to machines that are behind it. Some features (eg
TCP ISN rewriting) can also be used to improve overall network security.
--
ilya voronin <jid:ivoronin@jabber.ru>
registered linux user 292188
--- GoldED+ 1.1.5 Debian GNU/Linux 3.0r1 kernel 2.4.22
* Origin: oh mein gott, es ist voller sterne (2:5099/11.59)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
|
