Detecting and Evading the OS Fingerprint Scan
One simple way to avoid a lot of these types of attacks is to stay patched and updated across the infrastructure. Unfortunately, patching and maintenance are not enough to deter a lot of hackers worth their salt. Some tactics you can use to hide from the dreaded Nmap fingerprinting scan are to employ firewalls, system-level virus protection, and port stealthing. These will greatly increase your ability to remain invisible to Nmap. Other methods include the use of programs such as Morph and IP Personality. Another technique employs strategically placed honey pots. A few well-placed, well-thought-out honey pots can add a tremendous level of proactive security to your network, as well as allow you to more easily use Nmap on your network in a positive way. You simply need to exclude your honey pots from your fingerprinting scans, or take them offline while you conduct your security scans and audits.
Morph and IP Personality
One good way to avoid having Nmap successfully used against you by an attacker is to confuse the situation by presenting a false face. Two programs do this rather nicely: Morph and IP Personality. Morph is a neat little program for Linux that allows a user to select some other OS to emulate. In doing so, the TCP, ICMP and UDP responses and behaviors can be modified to represent some other OS when an attacker tries to perform their reconnaissance OSFS on your network resources. IP Personality is another program for Linux used to change how Nmap sees you in its scan results. It allows you to manipulate TCP and UDP parameters via iptables rules. This lets you further disguise yourself when it comes to giving up information about which OS you're really running. The less valid information you provide to an attacker, the better.
Honey Pots
Honey pots stand as welcome hosts for would-be attackers, crackers and other nefarious types. Bad guys are sucked in by the promise of an easy target and are soon stuck in a sugarcoated death trap designed only in appearance to give them the soft target that they've been looking for. Depending on the type and complexity of your honey pot setup, this technique can potentially thwart a number of mid-range hacker types that may know a thing or two, but aren't experienced enough to recognize a trap like this until it is too late. Honey pots are meant to give you time to respond to a situation. They occupy an intruder and allow you precious time to do your own reconnaissance about their attack types and targets of interest in your infrastructure.
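For the detection side, the following added example (not part of the original article) reads firewall log lines and flags sources that either send the unusual TCP flag combinations used by Nmap's OS-detection probes or touch a honey pot address. It assumes iptables LOG-format lines; the honey pot address, the sample log lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: decoy address that no legitimate client has a reason to contact.
HONEYPOTS = {"192.0.2.50"}
# Flag sets sent by Nmap OS-detection probes T2, T3 and T7; normal TCP
# traffic does not produce them (null and Xmas scans also match).
PROBE_FLAGS = {
    frozenset(): "null flags",
    frozenset({"SYN", "FIN", "PSH", "URG"}): "SYN+FIN+PSH+URG",
    frozenset({"FIN", "PSH", "URG"}): "FIN+PSH+URG",
}
FLAG_NAMES = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) .*PROTO=TCP .*RES=\S+ (.*?)\s*URGP=")

# Constructed sample input in iptables LOG format (documentation addresses).
SAMPLE_LOG = [
    "FW IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=128 RES=0x00 URGP=0",
    "FW IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40002 DPT=22 WINDOW=256 RES=0x00 URG PSH SYN FIN URGP=0",
    "FW IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40003 DPT=1 WINDOW=65535 RES=0x00 URG PSH FIN URGP=0",
    "FW IN=eth0 SRC=203.0.113.9 DST=192.0.2.50 LEN=60 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0",
    "FW IN=eth0 SRC=192.0.2.20 DST=192.0.2.10 LEN=60 DF PROTO=TCP SPT=52000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0",
]

def parse(line):
    """Return (src, dst, flag set) for a TCP LOG line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    flags = frozenset(t for t in m.group(3).split() if t in FLAG_NAMES)
    return m.group(1), m.group(2), flags

def analyze(lines, min_probe_kinds=2):
    """Alert on sources that hit a honey pot or send at least
    min_probe_kinds distinct fingerprint-probe flag sets."""
    kinds, hits = defaultdict(set), defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, dst, flags = rec
        if flags in PROBE_FLAGS:
            kinds[src].add(PROBE_FLAGS[flags])
        if dst in HONEYPOTS:
            hits[src].add(dst)
    return {src: {"probes": sorted(kinds[src]), "honeypots": sorted(hits[src])}
            for src in set(kinds) | set(hits)
            if len(kinds[src]) >= min_probe_kinds or hits[src]}
```

Requiring two distinct probe types before alerting keeps a single malformed packet from raising an alarm, while any contact with a honey pot address is reported immediately.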
