Hello,
I have installed Debian on a system, and when I scanned it with a scanner like Nmap, the scanner could detect it. Is it possible to change a part of Linux so that the scanner detects Red Hat instead of Debian?
Sorry if the question is a bit strange.
That is just nonsense. I don't know how the scanner checks the OS; there are a few files around there, and probably you need to modify /etc/release and siblings only. But probably it makes more serious checks which cannot be faked (that means you will need to modify your system). And anyway, what's the goal? What do you want to achieve with it?
It's more complex than that - nmap uses a combination of responses rather than a single point of detection, and yet it can be fooled, e.g. with https://ippersonality.sourceforge.net/ (it's ancient, but may give a few pointers).
I'm curious about what that means. Debian is a Linux operating system. Did you install Debian over a pre-existing Linux OS? Or is that a typo, you meant 'as' rather than 'on'?
If you want nmap and similar software to show the system as something other than what it is, I would guess that is possible and you might get some pointers from the link in post 3.
Hello,
Thank you so much for your reply.
I don't like that scanners like Nmap can detect my Linux distribution. What is your suggestion?
Hello,
Thank you so much for your reply.
Linux 2.4 kernel?
The question was how to fake your system to a network-side scanner. An answer would be to check that code (and try to apply it to your own system, if you wish).
But as I wrote, it is more or less nonsense; everybody can write a tool to identify a remote system. Some of them are running inside browsers, others will analyze network responses, opened ports ...
Check, for example, here: https://nmap.org/misc/defeat-nmap-osdetect.html (yes, 2003)
This is another paper: https://arxiv.org/pdf/1706.08003.pdf...%20Obfuscation
(see at least the conclusion)
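An added example, not part of any post in this thread, illustrating the point made above that a remote scanner combines several responses rather than relying on a single point of detection. The trait names and signature values are simplified, constructed assumptions, not Nmap's probes or its fingerprint database.

```python
# Added illustration. Trait names and reference values are simplified,
# constructed samples; they are not Nmap's probes or fingerprint database.
REFERENCE = {
    "Linux":   {"ittl": 64,  "df": True, "wscale": 7,
                "tcp_opts": ("mss", "sackOK", "ts", "nop", "ws")},
    "Windows": {"ittl": 128, "df": True, "wscale": 8,
                "tcp_opts": ("mss", "nop", "ws", "nop", "nop", "sackOK")},
}

def initial_ttl(observed_ttl):
    """Guess the sender's starting TTL: the next common default at or above it."""
    for default in (32, 64, 128, 255):
        if observed_ttl <= default:
            return default
    raise ValueError("TTL out of range")

def traits_from_response(resp):
    """Reduce one observed SYN/ACK (a dict of header fields) to comparable traits."""
    return {"ittl": initial_ttl(resp["ttl"]), "df": resp["df"],
            "wscale": resp["wscale"], "tcp_opts": tuple(resp["tcp_opts"])}

def score(traits, reference):
    """Fraction of the reference traits that the observation matches."""
    hits = sum(1 for key, value in reference.items() if traits.get(key) == value)
    return hits / len(reference)

def best_match(resp):
    """Return (name, score) of the closest reference signature."""
    traits = traits_from_response(resp)
    ranked = sorted(((score(traits, ref), name) for name, ref in REFERENCE.items()),
                    reverse=True)
    top_score, top_name = ranked[0]
    return top_name, top_score

# Constructed sample: a Linux host with default settings, seen 7 hops away.
LINUX_DEFAULT = {"ttl": 57, "df": True, "wscale": 7,
                 "tcp_opts": ["mss", "sackOK", "ts", "nop", "ws"]}
# Constructed sample: the same host after only its default TTL was raised to 128.
LINUX_TTL_CHANGED = dict(LINUX_DEFAULT, ttl=121)

if __name__ == "__main__":
    for label, resp in (("default", LINUX_DEFAULT), ("ttl changed", LINUX_TTL_CHANGED)):
        print(label, best_match(resp))
```

Changing one trait lowers the match score but does not change the verdict, because the remaining traits still agree with the original signature.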