|
Penetration Testing
Block OS Detection Aug 31 2007 10:14AM Attari Attari (c70n3 yahoo co in) (4 replies) Re: Block OS Detection Sep 05 2007 08:00AM John Brazel (johnbrazel gmail com) (1 replies) Re: Block OS Detection Sep 01 2007 08:08AM Gadi Evron (ge linuxbox org) (2 replies) RE: Block OS Detection Sep 02 2007 07:02PM Ofer Shezaf (OferS Breach com) (2 replies) |
|
|
Privacy Statement |
Core Force those not implement packet normalization (scrub) of OpenBSD's
pf if I recall. I don't known if they messed up with the stack signature
in some other way.
Ivan Arce, could you ratify?
Otherwise..., almost any good firewall appliance should do the trick.
We use redundant OpenBSD's systems for this kind of purpose in a
production environment (highly critical 24/7/365). The firewall (pf) is
extremely powerful (enterprise level), easy to understand and cost
effective. Take a look at pfsync and CARP. One big advantage over PIX or
alike is the fact that your actually dealing with a complete operating
system: if you need to implement some other *twisted* security feature,
the door is wide open without having too invest in some kind of upgrade.
regards,
---
Danny Fullerton
IT Security Specialist, GCIH GHTQ
Mantor Organization
Ivan Arce wrote:
> OpenBSD's PF has been ported to Windows (pre-Vista) as part of a free
> firewall/endpoint security software. It is part of research work and
> in beta state (regular YMMV disclaimer) but I know it has been
> installed used on production servers for quite some time. The port of
> OpenBSD's PF provides a fully-featured and stable bidirectional
> statefull firewall that some found useful to have on windows systems.
>
> http://force.coresecurity.com
>
> -ivan
>
>
> Arafat M. Bique wrote:
>> For Windows System and IIS is not quite easily to do that. I don't know
>> if someone has a solution that isn't reverse proxy.
>>
>> Regards,
>>
>> Arafat M. Bique
>> Network Infrastructure
>> IT Department
>> email:arafat.bique (at) bcifomento.co (dot) mz [email concealed]
>> Web:http://www.bcifomento.co.mz
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>> On Behalf Of John Brazel
>> Sent: Wednesday, September 05, 2007 10:01 AM
>> To: Attari Attari
>> Cc: pen-test (at) securityfocus (dot) com [email concealed]
>> Subject: Re: Block OS Detection
>>
>> OpenBSD's pf firewall has a 'scrub' option that allows normalisation
>> of various TCP header fields, as well as fragment re-assembly and the
>> like.
>>
>> J.
>>
>> On 8/31/07, Attari Attari <c70n3 (at) yahoo.co (dot) in [email concealed]> wrote:
>>> Hello All:
>>>
>>> Is there a PRACTICAL solution from PRODUCTION
>>> environments that can be used to block OS detection
>>> from tools like NMAP? I googled and read some notes
>>> but couldn't find a real world solution to blocking
>>> Windows & Linux OS detection.
>>>
>>> I'm quite sure I'll get the right inputs here.
>>>
>>> Thank you.
>>>
>>> Attari
>>>
>>>
>>> Unlimited freedom, unlimited storage. Get it now, on
>> http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/
>>>
>> ------------------------------------------------------------------------
>>> This list is sponsored by: Cenzic
>>>
>>> Need to secure your web apps NOW?
>>> Cenzic finds more, "real" vulnerabilities fast.
>>> Click to try it, buy it or download a solution FREE today!
>>>
>>> http://www.cenzic.com/downloads
>>>
>> ------------------------------------------------------------------------
>>>
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Cenzic
>>
>> Need to secure your web apps NOW?
>> Cenzic finds more, "real" vulnerabilities fast.
>> Click to try it, buy it or download a solution FREE today!
>>
>> http://www.cenzic.com/downloads
>> ------------------------------------------------------------------------
>>
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Cenzic
>>
>> Need to secure your web apps NOW?
>> Cenzic finds more, "real" vulnerabilities fast.
>> Click to try it, buy it or download a solution FREE today!
>>
>> http://www.cenzic.com/downloads
>> ------------------------------------------------------------------------
>>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
[ reply ]