Fedora Security :: Faking OS Fingerprint Scans (defeat Nmap)?
Oct 4, 2010
Are there any possible options to archive this w/ the 2.6.34 kernel? I know windows can do this w/ a button and BSD can drop packets when connected to closed ports...is IP personality usable in 2.6? Do I need work-arounds? any more options??Currently I've managed to @%#$ my OS fingerprints so results won't show as Linux.4/2.6...etc, but the problem is.. instead it's got the word "Redhat" in it (which is well... worse... because now.. if someone looks at my machine he/she'll know I am on either RHEL/Fedora )
It was recommended that I post the results of a service scan performed against a remote machine. However, before I get flamed for lack of proper etiquette, I asked for advice prior to posting. So, here goes. I have a been getting scanned repeatedly by the same group of addresses for well over 2 months. I decided to take a closer look once the scans stepped up a notch. By "stepped up a notch" I mean more specific. All the originating HOST are using either port 12200 or port 6000. All with one exception, appear to be located in China. The scans are blatant. Over and over again. I noticed some timing between scans that seemed to match up with a European location as well.
The first question would be if I could get in trouble for the remote host actions. I mean, I have noticed pings directed past the router to the internal network now in my linux logs. Could the attacker/scanner be using me as a bounce for other stuff? The scans, as stated before, never stop.
I ran a scan against one of the host out of curiosity. You can check it out at http://pastebin.com/5qcKSgC0. It appeared to be a school in china. Should I report it? IF so, how would aI report it to some guy in china, I don't speak or write Chinese.
im interested to know how to change fingerprint ?Linux (Ubuntu) look like WindowsLinux kernel 2.6 look like Linux 2.4 ----apache 2.2 look like apache 1.3apache look like IIS apache look like "BLABLABLA"
If you have been trying to compile & install the new NMAP 5.20 scanning utility as a 64 bit user, you may have run into some issues as I did...The compiler will halt when you attempt to 'make', saying that you need to recompile using -fPIC.The fix: "./configure CXXFLAGS=-fPIC CFLAGS=-fPIC LPFLAGS=-fPIC"then rerun "make".I hope this helps someone, as it took me way longer than it should have to get this going. Enjoy the new versions as it is supposed to have 10,000 updated OS detection signatures and new scripts!
First off is there any way to configure ubuntu to log in with a password, fingerprint and usb token? Secondly what is the difference between the standard home folder encryption and the alternate install encryption?
Thirdly is it possible on new external hard drives that incorporate thumb scanners to install truecrypt on these? Fourthly does anyone here on ubuntu forums use lastpass with the 'yubikey' device-does it work well on ubuntu? And fifthly are ironkey usb keys worth the money or are they a scam?
A scan on my computer reported as up many local ips which simply does not exist in my network. This host is supposed to have ip 192.168.0.4, but all other ip should not be there. I have a USB modem connected to a Linux box, connected itselfs to a wifi linksys router and thats it.
# nmap -sP '192.168.*.*' | grep -v down Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET Host 192.168.0.4 appears to be up. Host 192.168.7.27 appears to be up. Host 192.168.10.0 appears to be up.
I wouldn't call myself paranoid, but I do try to keep reasonably secure on my home network (WPA encryption, router firewall, etc.). I also occasionally use nmap to make sure I don't see any unknown computers logged into my network. The problem is I have five computers that all use DHCP on the network and they are not all up all of the time. At most, there are two to three online at any one time.
So, my question is: Do any of the IP addresses remain in the router's database for a computer that has gone offline (shutdown)?
The reason for my question is that today I ran nmap on my home network and noted an IP address that was not currently up on the network. It is, however, an address that is frequently assigned to one of the computers when it is online, but that address was not up at the time I ran nmap. Just trying to make sure my network is not being used by some nearby computer.
I am trying to understand why when running nmap against a SonicWALL firewall at a remote location, the SonicWall firewall is saying that most of its 65535 ports are open? I know this cant be correct and remember reading about how some of these network appliances are setup this way to thwart off attacks.
I own Fedora Core 12 and an HP scanner. I want to make digital copies of all the pictures I took a few years ago. I have a lot so I tried scanning five at a time thinking I could cut and paste into smaller images like with MS Paint on Windows. HPLIP 3.9.12 wouldn't let me modify the scans so I tried GIMP 2.6.10. GIMP 2.6.10 is a nightmare! When I opened my scan of five pictures I had trouble opening a new image. Then I had to specify the size of the new image. The when I cut and pasted I couldn't rotate. Then when I figured out how to rotate my image was too small.
Then I tried scanning just one picture but HPLIP left a lot of blank space. I tried cropping out the blank space with GIMP but the image size was the same with the blank space. I don't want to post photos to Flickr that are mostly empty space.I wish I could show you examples but the forum won't let me post them.Any ideas or suggestions for a program for Fedora Core 12 that's got the functions and features of MS Paint?
I'm in the process of setting up a script in perl to make 1,000's of curl calls to my companies application on our test server. Our software does all sorts of tracking of data based on IP addresses using geoIP, so i was wondering if anyone knew of a way to fake these addresses to the server?I know a big issue with the IP faking is the return path but i dont really need this. I also cant do it on the hardware level since the script is going to be picking lots of different IP's at random.Anyone have any idea if this is possible and if so, are there any known libraries i can use for this? I prefer perl but any Linux compatiblie scripting language is fine.
I have a HP 3310 multifunction unit. Using HPLIP system it will print quite happily (though oddly the printer has to be on before the computer has booted for the networking to work!Now I'm trying to get the hang of scanning 35mm negatives using it + Fedora 12 (32bit). xsane seems to be the way forward, I can get a poor scan back but seem unable to find a way to tell the software I am scanning negatives and so to only scan the areas containing the film strip (HP provide a negative holder taht fixes the strip in right place on glass) to get higher quality scans. Anyone with any experience of scanning 35mm negs using HPLIPs/xsane/HP3310 ?
Since yesterday my sudo doesn't work with my fingerprintreader anymore. su and GDM still do. sudo just asks me for the password instead of asking for a finger-swipe. AFAIR I changed nothing, but I accidentally forwarded the USB-Port on which the scanner is connected to VMware. I disconnected it, but maybe there could be the problem. Fedora 12 x64, Thinkpad T61 integrated Fingerreader.
I am working on a project that requires fingerprint reader support. So, I installed the libfprint and libfprint-devel packages on my Fedora 14 system, to support my Authentec AES 2501 fingerprint reader. I know that my device is alright because it is working fine on the Windows 7 installed on the same system. In fedora, the fingerprint reader is recognized, when I run the fprintd-enroll command. The prompt to enroll the fingerprint is displayed on terminal. But, it just stands when I swipe my finger. I have tried everything but cannot resolve the issue. The output of usb-devices command shows "Driver=none" under fingerprint sensor usb device. But, I have the libfprint installed.
i am having problem in downloading and installing nmap network scanner program in my fedora 10 machine...can any body help me from where i can download and install nmap using command line or ssh session on my fedora machine...
ive tried uninstalling it in software sources and in synaptic package manager and ive deleted the .wine folder and all files associated with the program im trying to get rid of except its .iso's which i put in a new folder and ive deleted all the drives i made in winecfg that i needed to run my program and ive tried sudo apt-get wine purge1.3 but its still the 4 wine folders are still there in menu editor and can still partially run the program im trying to get rid of and when i restart its back to the begginning
Digital Persona Fingerprint reader is not working on dell 1535. I am using fedora 13 64 bit edition. I have tried using lsusb |grep -i finger but nothing has come up. I have installed all the fprintd packages but still no luck.
It is known and well described in C++ standard ('C++ Standard - ANSI ISO IEC 14882 2003.pdf') that under certain circumstances types are promoted - for example, 'int' is promoted to 'double'.My design goal is to create wrappers around standard scalar types (like 'double', 'float', 'long', etc.) that would prevent such conversions/promotions, i.e. I want to create a really strictly typed C++ environment (like, say, OCaml).
However, the promotion is caught at runtime.Is there a way in C++ to catch/block such promotions/conversion at compile time ?
I'm using Ubuntu 10.10, with a wireless HP j4680. That prints on occassion. I've tricked it once by creating a new printer System/Admin/printers, setting the "new" printer to default then deleting the old printer. Not working that way this time. I've search the old forums, a lot of activity in 2007-2008 but nothing since.
Is there a way to defeat HP's efforts to force it's customers to purchase the extremely high, close to 50.00 dollars in my area.
can some one explain why opensuse 11.2 try to scan the default gw via snmp? And why it generates wrong packages with other mac-addresses? we have 3 scan tries with the same IP (from the fresh install) but with 3 different mac addresses. Can some one point me to the code which does this strange things?
i just installed ubuntu 10.04 on my computer, and tried to airodump, but noticed that its stuck on 11th channel, when i specified only channel 6 during scan, it gave me hosts from channel 6 and 11, but then i ran aireplay-ng and it runs on 11th channel as well, even when i put my card into monitor mode with a specific channel option. btw my chipset is AR9285 with ath9k driver. everything worked in backtrack. i also tried to reinstall aircrack which did not work.
I just noticed after installing a new server with samba that a portscan will show the samba used ports. This server has two interfaces, a world address eth0 and an intranet eth1. The samba ports show in scanning either interface, even after I changed samba to listen only to the intranet (192.168.x) address.
I am concerned especially about the 139 and 445 ports, which could attract a lot of garbage traffic.This is Debian 5.05 default samba installation.Otherwise similarly installed Ubuntu box with two interfaces does not show samba at all, even though smbd is running and working just fine.
I'm so used to Windows having to run multiple malware scans with multiple tools. Running registry cleaners and running CCleaner to remove all of the old temp files, cookies etc.. Derfagging. Ok with Ubuntu no more malware scans. No more registry scans. It appears that there isn't a defrag tool? And what about the other things that tend to clog up the works, Temp files , cookies etc. Is that what the disc janitor is all about?