1

Is there a way to disguise your PC characteristics from tools like NMAP and others on the internet? For instance, if the OS you are using is Ubuntu, is there a way to make it show up as something else? Are firewalls able to block PCs based on their characteristics rather than just their IP address? Let's say I tried to log into a system and the firewall ID'd my PC characteristics and blocked me, so I changed IP addresses and am still blocked due to these identifiers. Is that possible? And is there a way to change those characteristics?

Rideboards
  • 5
    Tools like nmap actively collect information about the remote system by sending data to the system and analyzing the replies. They therefore need to have access in the first place. Since the PC is typically located behind some router doing NAT, such access is not given in the first place, no matter if additional protections are done on the PC or not. It is thus very unlikely that tools like nmap are used here in the first place. This means that your question is based on wrong ideas on how things work and should be closed as long as it is based on these wrong assumptions. – Steffen Ullrich Jan 30 '22 at 05:39
  • 2
    Note that there is also passive fingerprinting of OS, TLS stack, applications ... which just analyses traffic sent anyway. And there is also active browser-level fingerprinting, doable by a web server visited with a browser. But you specifically ask for tools like NMAP which do active fingerprinting at the network level and do not cover the mentioned techniques. – Steffen Ullrich Jan 30 '22 at 05:41
  • 1
    @SteffenUllrich: Your comment is far more than a comment. I suggest you post it as an answer. – mentallurg Jan 30 '22 at 11:42
  • @SteffenUllrich: So if I have services open on my PC, someone else cannot run an NMAP scan on my PC if I am behind NAT? So essentially anyone who has a server open to the public is using their private IP? So how would that work for companies using a reverse proxy or a VPN, are they protected from scans like that, and if so, why wouldn't every company use a reverse proxy or a VPN? – Rideboards Feb 03 '22 at 21:38
  • @SteffenUllrich: Also, why doesn't an NMAP scan go through NAT? NAT is just a forwarder, so when the packets get forwarded, why can't they just be forwarded back to the person's public IP address? – Rideboards Feb 03 '22 at 21:46
  • @Rideboards: You are talking about PC, logging into remote systems, changing IP - which suggests a typical client setup, and clients are usually behind some NAT router today. Having servers directly on the internet is different - but they are usually not called PC (which means *personal* computer), they don't usually log into other systems where they then get blocked ... - so it looks like you don't refer to such servers in your question. – Steffen Ullrich Feb 03 '22 at 21:48
  • *"NAT is just a forwarder,"* - No. NAT is doing address and port translation based on known connections which got established from inside. If there is no matching connection, it cannot translate incoming packets and will drop these. The exception is if some "exposed host" (or similar naming) is defined in the router, in which case packets without matching connections get forwarded to this with only the address but not the port replaced. – Steffen Ullrich Feb 03 '22 at 21:51
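
Added example (not part of the thread and not written by any commenter): a toy model of the connection-table behaviour described in the last comment, showing a reply being translated, an unsolicited probe being dropped, and the "exposed host" exception. The class name `NatRouter`, the port pool start and all addresses are assumptions made for illustration; real routers differ in how strictly they match the remote endpoint.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Toy NAPT model (hypothetical class, strict address-and-port filtering)."""
    public_ip: str
    exposed_host: Optional[str] = None   # router's optional "exposed host" setting
    next_port: int = 40000               # constructed start of the public port pool
    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Connection opened from inside: create a mapping and rewrite the source."""
        for (pub_port, r_ip, r_port), inside in self.table.items():
            if inside == (src_ip, src_port) and (r_ip, r_port) == (dst_ip, dst_port):
                return (self.public_ip, pub_port, dst_ip, dst_port)  # reuse mapping
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arriving at the public IP: inside target, or None if dropped."""
        match = self.table.get((dst_port, src_ip, src_port))
        if match is not None:
            return match                          # reply to a known connection
        if self.exposed_host is not None:
            return (self.exposed_host, dst_port)  # address replaced, port kept
        return None                               # no state: nothing to translate to


def demo():
    # All addresses are constructed (RFC 5737 documentation ranges, RFC 1918 inside).
    nat = NatRouter("203.0.113.5")
    nat.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, 40000)   # server answering the client
    probe = nat.inbound("192.0.2.99", 55555, 22)      # unsolicited probe
    stray = nat.inbound("192.0.2.99", 55555, 40000)   # other source, mapped port
    dmz = NatRouter("203.0.113.5", exposed_host="192.168.1.20")
    forwarded = dmz.inbound("192.0.2.99", 55555, 22)  # exposed-host exception
    return reply, probe, stray, forwarded


if __name__ == "__main__":
    print(demo())
```
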

1 Answer

-1

IP addresses are considered dynamic, so changing them doesn't prevent you from being identified.

The more exposed the computer, the more signatures and fingerprints are given to OS analysis tools like Nmap. You may stop unused services, close all incoming traffic, put the station behind NAT and network firewalls, and use a WAF or other tools and techniques to reduce its visibility down to zero.

Yet, a welcome banner from a known open service, or headers sent by clients like browsers, widgets or apps, may disclose your computer's identity and OS specifications. Things like cookies from your previous visits can also expose you. Even a single clue may lead to total disclosure.

Try cleaning up cookies and other app residues, use safe browsing, HTTP header filters, use one carefully analyzed app at a time while closing all others.

The best way to keep a totally different profile is probably to have separate computers (or VMs) for each.

MTG
  • Every IP address on the internet is dynamically assigned? The IP address is one of the primary identifiers, changing it does help from being identified along with other methods. – dcom-launch Jan 31 '22 at 22:15
  • @dcom-launch Not every address is dynamic. As I mentioned, they are "considered" that way, especially for the users, because that's how 99.99% of users are addressed on the internet, hence the question. Therefore, other measures are taken into account to detect a user which Rideboards should know and evade. – MTG Feb 06 '22 at 07:17