→Protection against and detecting fingerprinting: wikify a bit more
m WPCleaner (v0.99) Repairing link to disambiguation page - (You can help) - ICMP
Line 22:
Protection against all types of TCP/IP fingerprinting is achieved through TCP/IP fingerprint obfuscators. Also known as fingerprint scrubbing, tools exist for [[MS Windows]]<ref>[http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools OSfuscate]</ref>, [[Linux]]<ref>[http://ippersonality.sourceforge.net/ IPPersonality]</ref>, [[FreeBSD]]<ref>[http://www.usenix.org/events/sec00/full_papers/smart/smart_html/index.html Defeating TCP/IP stack fingerprinting]</ref>, and likely others.
Moreover, protection against active fingerprinting attempts is achieved by limiting the type and amount of traffic a system responds to. Examples include the following: blocking of all unnecessary outgoing [[Internet Control Message Protocol|ICMP]] traffic, especially unusual packet types like address masks and timestamps. Also, blocking of any [[ICMP Echo Reply|ICMP echo replies]]. Be warned that blocking things without knowing exactly what they are for can very well lead to a broken network; for instance, your network could become a [[Black hole (networking)|black hole]]. Alternatively, active fingerprinting tools themselves have fingerprints that can be detected.<ref>[http://ojnk.sourceforge.net/stuff/iplog.readme iplog]</ref>.
Defeating TCP/IP fingerprinting may provide limited protection from potential attackers who employ a [[vulnerability scanner]] to select machines of a specific target OS. However, a determined adversary may simply try a series of different attacks until one is successful.<ref>http://seclists.org/pen-test/2007/Sep/0030.html OS detection not key to penetration</ref>
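Review bot: The second paragraph ends with a doubled full stop around the iplog reference ("detected.<ref>…</ref>."); drop the one after the closing </ref>. In the last paragraph the reference is a bare URL followed by its title, unlike the bracketed external links used in the other four references, so it should be wrapped in single square brackets with the title as link text. In the first paragraph, "Also known as fingerprint scrubbing, tools exist for …" attaches the alias to "tools" rather than to the obfuscation technique; moving "also known as fingerprint scrubbing" into the first sentence would fix that, and the references there sit before the commas where the other paragraphs place them after the punctuation. The "Alternatively, active fingerprinting tools themselves have fingerprints that can be detected" sentence is about detection, not an alternative to the ICMP blocking just described, so "Alternatively" should go or the sentence should start its own paragraph.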