Sun Tzu once stated, "Know your enemy and know yourself, and in a hundred battles you will never be defeated." By denying outsiders information about our systems and software, we make it more difficult to mount successful attacks.
There is a wealth of options for OS fingerprinting today, evolving from basic TCP-flag mangling tools such as Queso, through the ICMP quirk-detection of the original Xprobe and the packet timing analysis of RING, to today's suite of multiple techniques employed by nmap. The ultimate advantage in the OS-detection game lies with the defender, however, as it is the defender who controls what packets are sent in response.
Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and configurable, and is designed to frustrate current state-of-the-art OS fingerprinting. This presentation will discuss the current techniques used for OS fingerprinting, and how to frustrate them. Morph will be released with the talk, as a concrete example of the discussed techniques.
OS fingerprinting is one of the most useful methods available to gather information for an attack. Some work has been done in the past to defend against OS fingerprinting (FPF by Packet Knights), but none of it has been implemented with portability in mind. A tool is needed that will allow systems administrators to protect their assets against the reconnaissance efforts of potential attackers.