grsecurity forums


http://forums.grsecurity.net/

fool OS fingerprinting

http://forums.grsecurity.net/viewtopic.php?f=1&t=121

Page 1 of 1

fool OS fingerprinting

PostPosted: Wed Aug 21, 2002 5:36 am
by CleeK
I would like to have a feature in grsecurity to fool OS fingerprint requests of tools like nmap -O. Is it out of the topic of grsecurity ?

Sthg else : is it possible to make grsecurity invisible on a patched system ? I would like to use grsecurity, but I don't want that someone knows it is a "grsecurityzed" kernel. The first thing is to remove the EXTRAVERSION '-grsec' , but a user can look for a file like /proc/sys/kernel/grsecurity/acl. Any ideas ?

PostPosted: Wed Aug 21, 2002 9:20 am
by spender
the stealth netfilter module for grsecurity will fool nmap -O.

As for making grsecurity invisible, you're on your own with that one. Unlike some other systems out there, grsecurity is written to be effective even if the attacker knows everything about the system.

If you're using the acl system, /proc/sys/kernel/grsecurity can be hidden with a single rule.

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/