How to change Linux version fakely?

Jason.nix · 11-22-2023, 12:49 AM

Hello,
I have installed Debian on a system and when I scanned it via a scanner like Nmap, scanner can detect it. Is it possible to change a part of Linux so that the scanner detects Red Hat instead of Debian?
Sorry if the question is a bit strange.

Thank you.

pan64 · 11-22-2023, 01:17 AM

that is just nonsense. I don't know how the scanner checks the OS, there are a few files around there, probably you need to modify /etc/release and siblings only. But probably it makes more serious checks which cannot be faked (that means you will need modify your system). And anyway, what's the goal? What do you want to achieve with it?

lvm_ · 11-22-2023, 02:05 AM

It's more complex than that - nmap uses a combination of responses rather than a single point of detection, and yet it can be fooled e.g. with https://ippersonality.sourceforge.net/ It's ancient, but may give a few pointers

yancek · 11-22-2023, 02:54 AM

Quote:

I have installed Debian on a Linux system

I'm curious about what that means. Debian is a Linux operating system. Did you install Debian over a pre-existing Linux OS? Or is that a typo, you meant 'as' rather than 'on'?

If you want nmap and similar software to show the system as something other than what it is, I would guess that is possible and you might get some pointers from the link in post 3.

Jason.nix · 11-24-2023, 11:05 AM

Quote:

Originally Posted by pan64

that is just nonsense. I don't know how the scanner checks the OS, there are a few files around there, probably you need to modify /etc/release and siblings only. But probably it makes more serious checks which cannot be faked (that means you will need modify your system). And anyway, what's the goal? What do you want to achieve with it?

Hello,
Thank you so much for your reply.
I don't like that scanners like Nmap can detect my Linux distribution. What is your suggestion?

Jason.nix · 11-24-2023, 11:06 AM

Quote:

Originally Posted by yancek

I'm curious about what that means. Debian is a Linux operating system. Did you install Debian over a pre-existing Linux OS? Or is that a typo, you meant 'as' rather than 'on'?

If you want nmap and similar software to show the system as something other than what it is, I would guess that is possible and you might get some pointers from the link in post 3.

Hello,
Thank you.
It was typo. I corrected it.

Jason.nix · 11-24-2023, 11:07 AM

Quote:

Originally Posted by lvm_

It's more complex than that - nmap uses a combination of responses rather than a single point of detection, and yet it can be fooled e.g. with https://ippersonality.sourceforge.net/ It's ancient, but may give a few pointers

Hello,
Thank you so much for your reply.
Linux 2.4 kernel?

pan64 · 11-25-2023, 08:34 AM

Quote:

Originally Posted by Jason.nix

Hello,
Thank you so much for your reply.
Linux 2.4 kernel?

The question was how to fake your system to a network side scanner. An answer would be to check that code (and try to apply it to your own system, if you wish).
But as I wrote it is more or less nonsense, everybody can write a tool to identify a remote system. Some of them are running inside browsers, others will analyze network responses, opened ports ...
check for example here: https://nmap.org/misc/defeat-nmap-osdetect.html (yes, 2003)
this is another paper, https://arxiv.org/pdf/1706.08003.pdf...%20Obfuscation
(see at least the conclusion)

goldennuggets · 11-26-2023, 07:45 AM

Quote:

Originally Posted by lvm_

It's more complex than that - nmap uses a combination of responses rather than a single point of detection, and yet it can be fooled e.g. with https://ippersonality.sourceforge.net/ It's ancient, but may give a few pointers

Here are two more links that you might find helpful in understanding how nmap (specifically) detects an OS. Once armed with a better understanding, then you might be able to start devising a work-around.
https://nmap.org/book/man-os-detection.html
https://nmap.org/book/osdetect.html