top of page
< Back

Derevolutionizing OS Fingerprinting: the cat and mouse game

10 Aug 2019

Comprehensive Talk

Derevolutionizing OS Fingerprinting: the cat and mouse game

Jaime Sanchez - aka @segofensiva -


Traditional methods to defeat OS Fingerprinting in Linux were written as

kernel modules, or at least, as patches to the Linux kernel, like

Honeyd, IP Personality, the Stealth Patch, Fingerprint ****er, IPlog...

The reason is that if the aim is to change Linux TCP/IP stack behavior,

and if we want to achieve it, we need to do it in the kernel layer. Most

of these tools are old, doesn't work with actual kernels of can affect

tcp/ip stack performance.

OSfooler-NG has been complete rewriten from the ground up, being highly

portable, more efficient and combining all known techniques to detect

and defeat at the same time:

- Active remote OS fingerprinting: like Nmap or Xprobe

- Passive remote OS fingeprinting: like p0f or pfsense

- Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting

Some features in this versions are:

- No need for kernel modification or patches

- Simple user interface and several logging features

- Transparent for users, internal process and services

- Detecting and defeating mode: active, passive & combined

- Will emulate any OS

- Capable of handling updated nmap and p0f fingerprint database

- Undetectable for the attacker

bottom of page