OS Fingerprint Change

**harner** · 06-21-2007

I have multiple servers running Ubuntu and OpenSuse 10.1/10.2. I was wondering, for security reasons, if there is a way I can change the OS fingerprint on these production servers. I'd obviously test the test boxes first.

For example, when I fire up Webmin:
Operating system SuSE Linux 10.1

I want the OS to read either something completely different (to confuse possible hackers by changing it to like Microsoft Windows 2003 Server haha) or nothing at all. After a security audit, this was suggested to us. Thanks for the help.

**anomie** · 06-21-2007

Trying to modify your OS fingerprint is a fun trick, but you might remind your security auditors that it's nothing more than "security by obscurity". (i.e. Waste of effort, IMO.)

A quick google turned up this article which should get you started:
Passive-Aggressive Resistance: OS Fingerprint Evasion | Linux Journal

Also, taken verbatim from the nmap(1) manpages:

If Nmap is unable to guess the OS of a machine, and conditions are good (e.g. at least one open port and one closed port were found)...

I read this to mean that if you do not have at least one open port and one closed (which is different than filtered) port, your OS will be more difficult to detect.

I'll close by saying: spend your time focusing on real hardening efforts, not this.

**harner** · 06-21-2007

Thanks for the help. In all actuality, we have an extremely secure network which is why we have some small issues to take care of.

Thanks again, I'll check out the article.

Thread Tools

Display

OS Fingerprint Change

Posting Permissions