Is there an iptables rule or something I can implement to stop OS fingerprinting?
You really can’t block OS fingerprinting; it’s based on how the system responds to TCP packets. I believe the Linux kernel’s TCP sequencing changes A LOT, and that feature is what allows port scanners to determine what OS is running. There are other factors, I believe, too. But, in a nutshell, you really can’t block it. If you’re running a service on the system, you can determine what OS is running. I mean, you wouldn’t exactly expect ProFTPD to be running on Windows 2000 Server. Even if you could block OS fingerprinting, someone could just manually determine what OS you’re running. That’s really a trivial task. The most important thing is to keep your system updated, and make sure you’re not running unneeded services. If you wanted to be a little safer, modify the identifying strings that the daemons provide to remote users. That way, they couldn’t perhaps determine if you’re running an unpatched version of some system service.
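
As an added example (not part of the original answer), here is one way to check the identifying strings mentioned above: a small Python audit that flags service greetings disclosing a product version or OS name. The sample banners, regexes and function names are constructed for illustration.

```python
import re

# Constructed sample greetings, as a remote client would see them on connect.
SAMPLE_BANNERS = {
    "ftp-default": "220 ProFTPD 1.3.5 Server (Debian) [192.0.2.10]",
    "ftp-hardened": "220 FTP server ready.",
    "ssh-default": "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7",
    "smtp-default": "220 mail.example.org ESMTP Postfix (Ubuntu)",
    "http-default": "Server: Apache/2.4.25 (Debian)",
    "http-hardened": "Server: Apache",
}

# A product name followed by a dotted version number, e.g. "Apache/2.4.25".
VERSION_RE = re.compile(r"\b([A-Za-z][A-Za-z-]+)[/_ ]v?(\d+(?:\.\d+)+[\w.-]*)")
# Distribution or OS names that daemons commonly append to their greeting.
OS_RE = re.compile(
    r"\b(Debian|Ubuntu|CentOS|Red Hat|Fedora|FreeBSD|Win32|Windows)\b", re.I
)


def audit_banner(banner):
    """Return what a single banner discloses: product version and/or OS."""
    findings = []
    match = VERSION_RE.search(banner)
    if match:
        findings.append(f"version:{match.group(1)} {match.group(2)}")
    match = OS_RE.search(banner)
    if match:
        findings.append(f"os:{match.group(1)}")
    return findings


def audit_all(banners):
    """Map each service name to its findings, omitting clean banners."""
    report = {}
    for name, text in banners.items():
        findings = audit_banner(text)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_BANNERS).items():
        print(f"{name}: {', '.join(findings)}")
```

In ProFTPD the greeting is set with the `ServerIdent` directive, and in Apache the `Server` header detail is set with `ServerTokens`. A clean result here only covers the banner text; as the answer says, the TCP/IP stack behaviour still identifies the OS.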