Network Security Exploits-HackingTools

[TOOL] Security Cloak - Fool Passive Fingerprinting

Subject: [TOOL] Security Cloak - Fool Passive Fingerprinting
Date: 9 Mar 2006 17:39:31 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  Security Cloak - Fool Passive Fingerprinting
------------------------------------------------------------------------


SUMMARY



DETAILS

Security Cloak is designed to protect against TCP/IP stack fingerprinting 
and computer identification/information leakage via timestamp and window 
options by modifying relevant registry keys. The settings used are based 
on the results of SYN packet analysis by p0f. While the OSes reported by 
other OS detection scanners were not identical to those reported by p0f, 
testing against Nmap, xprobe2, queso and cheops showed that they were 
unable to identify the correct operating system/version after Security 
Cloak settings had been applied.

Note that in order to properly emulate some operating systems, the MTU 
must be changed. Most of these require the MTU to be 1500 (the default 
for most network connections), but depending on your network connection 
a changed MTU could degrade or interfere with your connectivity, so be 
sure to check your current MTU before applying these changes. It is 
recommended that you save all the original key values before using this 
program, in case your computer responds negatively to the changes.
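
Added example (not part of the original advisory or of Security Cloak): a 
parser for the SYN fields a p0f-style passive fingerprinter compares, showing 
why the MTU matters (it fixes the advertised MSS). The packets and the TTL, 
window and MTU values are constructed samples, not the tool's settings.

```python
import struct

OPTION_NAMES = {2: "M", 3: "W", 8: "T"}  # MSS, window scale, timestamp

def build_syn(ttl, window, mtu, wscale=None, timestamp=False):
    """Constructed IPv4+TCP SYN for offline parsing (checksums left at 0)."""
    opts = b"\x02\x04" + struct.pack("!H", mtu - 40)  # MSS = MTU - 20 (IP) - 20 (TCP)
    if wscale is not None:
        opts += b"\x01\x03\x03" + bytes([wscale])      # NOP + window scale
    if timestamp:
        opts += b"\x01\x01\x08\x0a" + bytes(8)         # NOP, NOP + timestamp
    tcp_len = 20 + len(opts)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                      (tcp_len // 4) << 4, 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000,
                     ttl, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp

def syn_fingerprint(pkt):
    """Extract the SYN fields a passive fingerprinter compares."""
    tcp = pkt[(pkt[0] & 0x0F) * 4:]                    # skip the IP header (IHL words)
    hdr_len = min((tcp[12] >> 4) * 4, len(tcp))        # clamp to captured bytes
    fp = {"ttl": pkt[8], "df": bool(pkt[6] & 0x40),
          "window": struct.unpack("!H", tcp[14:16])[0],
          "mss": None, "wscale": None, "timestamp": False}
    layout, i = [], 20
    while i < hdr_len and tcp[i] != 0:                 # 0 = end of option list
        kind = tcp[i]
        if kind == 1:                                  # NOP is a single byte
            layout.append("N")
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            break                                      # truncated or malformed option
        length, body = tcp[i + 1], tcp[i + 2:i + tcp[i + 1]]
        if kind == 2 and length == 4:
            fp["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            fp["wscale"] = body[0]
        elif kind == 8 and length == 10:
            fp["timestamp"] = True
        layout.append(OPTION_NAMES.get(kind, "?"))
        i += length
    fp["layout"] = ",".join(layout)                    # option order is part of the signature
    return fp

# Constructed sample values, not Security Cloak's actual settings.
STOCK = syn_fingerprint(build_syn(ttl=128, window=65535, mtu=1500))
ALTERED = syn_fingerprint(build_syn(ttl=64, window=16384, mtu=576, wscale=0, timestamp=True))
```

Every field that differs between STOCK and ALTERED is one a signature match 
can key on, which is why the MTU, window scale and timestamp settings have to 
change together.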

The source code and Windows binary can be downloaded from 
http://www.craigheffner.com/security

Use:
Security Cloak should be run from the command line and takes only one 
argument: the OS you want to spoof.

Example:
C:\>sec_cloak.exe linux

Below are all valid arguments available and their corresponding OS:

ARGUMENT     OPERATING SYSTEM              NOTES
sega         Sega Dreamcast Dreamkey 3.0   MTU set to 1500
hpux         HP-UX B.10.20
playstation  Sony Playstation 2            MTU set to 1500
linux        Linux 2.0.3x
novell       Novell Netware 5.0            MTU set to 1500
tru64        Tru64 v5.1a JP4               Window scale enabled
freebsd      FreeBSD 2.0-4.2
wince        Windows CE 3
winxpsp1     Windows XP SP1                MTU set to 1500, window scale enabled
win2000      Windows 2000 SP4              MTU set to 1500, window scale enabled
win98        Windows 98
irix         Irix 6.2-6.4
sunos        SunOS 4.1.x                   MTU set to 1500
checkpoint   Checkpoint Firewall           MTU set to 1500
os400        OS/400 V4R3/M0                MTU set to 576
palmos3.5    Palm OS 3.5                   MTU set to 576
palmos5.2    Palm OS 5.2                   MTU set to 1438
dos          DOS Arachne                   MTU set to 576
winnt        Windows NT 4.0 SP6a           MTU set to 1454
beos         BeOS 5.0-5.1                  MTU set to 1280, window scale enabled

Supports:
This has only been tested on Windows XP, but should work on other Windows 
OSs, provided the registry keys are the same.
Proper modification of the registry keys should enable it to work on any 
other version of Windows.

Contact:
Any problems/questions, contact me at heffnercj [at] gmail . com


ADDITIONAL INFORMATION

The information has been provided by Craig Heffner <heffnercj@gmail.com>.


