Can I make my linux system look like windows when scanned?
I was wondering if there was a way that I could make my Red Hat system look like Windows XP or even something else if scanned from the Internet. I have searched the web & the only thing that I found that would let me do this was an outdated kernel patch. I thought this might be a somewhat good idea for my firewall so that if someone tries to hack it they would spend enough time trying to exploit the wrong type of system & finally give up. I understand the idea of security through obscurity & realize that this isn't a failsafe method, but I would like to add another layer of security to my Linux box as I'm switching to DSL soon.
If your box has any externally accessible services then it is usually fairly trivial to come to the conclusion that it is not Windows. If it does not, then they cannot really do anything anyway - disregarding a vulnerability in Linux's TCP/IP stack. This really is not worth your time.
Thanks for the reply. I was curious about this & believe (hope) that my box is fairly secure as I don't have any outside services running & have used several tools to help lock everything down.
If you have no services running that they can connect to, then they can't tell what you are running anyway. There aren't a whole lot of remote exploits around for Linux anyway. There were a few involving old versions of Apache, but if Apache isn't running as root then the worst they could do is hose your websites. SSH < 2.0 is exploitable but very few people run that anymore. There have been some security holes in OpenSSH, but many of them were found and fixed without a successful exploit ever produced (they were theoretical holes, or at least things the developers thought weren't great for security).
In general, as long as you don't have insecure stuff listening on external ports, and you run things like web servers and FTP servers under a user other than root, you are pretty safe. There are things you can do with iptables to make your machine practically disappear that other posts in this forum discuss.
Originally posted by jtshaw: ...and you run things like web servers and ftp servers under a user other than root you are pretty safe....
This is not necessarily true. A lot of system exploitation relies on the abundance of local privilege elevating vulnerabilities coupled with any usable account on the target system. You should be looking not only at running processes as users other than the superuser, but also at the amount of interaction these non-privileged users can have with the environment. For instance, it is bad practice to run all non-privileged processes as the user `nobody' (once a common thing), as this allows a compromise on (for example) the web server to possibly interact with an internal process running as `nobody'. The main thing you will want to do is stop the user from gaining a shell prompt; for this you will want to look into things like chrooting, spending hours with DAC or minutes with MAC. None of these methods are foolproof, but they help.