nmap -O

been looking for a guide to prevent os fingerprinting. using nmap -O ... on host reveals it's OS etc, trying to prevent this. any links to any guides would be awesome. Soz for short post.

http://www.pgci.ca/common/p_fingerprint.htm

Google. Six seconds.

i've come across that one, but still not quite understanding what needs to be done. would prefer to have someone familiar with the topic to give us a link, not just a google search(amazingly enough ive done some of these, see, i too have heard of this google thing).

'And he kept on spamming links'.

http://www.usenix.org/events/sec2000/full_papers/smart/smart_html/

spyware wrote: 'And he kept on spamming links'. Damn you spyware. I don't even think that's fun for real, but it made me laugh IRL :D

Knowing how OS fingerprinting works is going to help you prevent/spoof it more than finding a link to prevent it.

You have multiple things to take into account. First off you have ports that are only open on certain operating systems. Thus something with 135/139 is going to give a high percentage of target being a Windows operating system.

Then you have the way operating systems respond to packets being sent in certain ways, to closed/open ports, with malformed data, short/long TTL, and etc. Some operating systems will respond in different ways to different types of packets.

Then you also have a service scan and, with certain programs, banner grabbing.. Finding an IIS webserver running on target OS will give higher percentage of target being Windows.

The best way to deal with this is being able to manage packets and ports. Providing a good ruleset within your firewall, IDS triggers, etc., is your best bet to stump and only give generality (like target OS is Windows) about target OS. Spoofing is another good viable option. Closing and opening ports that certain operating systems only have open will throw a high percentage of that OS and throw off the detection.