Security Cloak : How to fool Passive OS Scanner

Discussion in 'other security issues & news' started by pavs, Jul 23, 2007.

Thread Status:
Not open for further replies.
  1. pavs

    pavs Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    3
    Security Cloak is designed to protect against TCP/IP stack fingerprinting and computer identification/information leakage via timestamp and window options by modifying relevant registry keys. The settings used are based on the results of SYN packet analysis by p0f. While the OS reported by other OS detection scanners were not identical to those of p0f, testing against Nmap, xprobe2, queso and cheops showed that they were unable to identify the correct operating system/version after Security Cloak settings had been applied.

    http://www.linuxhaxor.net/2007/07/23/security-cloak-how-to-fool-passive-os-scanner/

    pavs
     
  2. herbalist

    herbalist Guest

    The pOf fingerprint submission link reads my system as XP/2000, with both the user agent switcher and Proxomitron bypassed. Missed the hardware firewall entirely. Only thing it got right is that I have an ethernet modem and my IP. Fooling that isn't much of an accomplishment..
    Rick
     
  3. pavs

    pavs Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    3
    what do you mean by it missed the hardware firewall? It's not supposed to give information about your hardware firewall, but your OS, thats the whole point.
    It is a "passive OS scanner" , what makes you think it's going to work if you hide behind a proxy?

    For an active OS scanner use Nmap, or at least learn how to:
    http://www.linuxhaxor.net/category/hacking-tools/nmap/

    Cheers,
    pavs
     
  4. herbalist

    herbalist Guest

    The pOf V2 signature contribution specifically asks for firewall/cache systems.
    I'm using a hardware firewall but not a proxy. Either way, it didn't get my OS right either.

    You used a screenshot from http://lcamtuf.coredump.cx/p0f-help/ and I wanted to see if it could accurately identify mine. From their page.
    I was primarily checking out pOf's accuracy. It wasn't. Regarding NMAP, not needed to check their accuracy in identifying my own system.
    Rick
     
Loading...
Thread Status:
Not open for further replies.