How to hide or obfuscate the type of OS?

Question

I get the OS type of a remote host by:

connecting to an open port (telnet <host> 22);
using Nmap (nmap -A <host>).

What are techniques and how to hide or change the information about OS? I would like to get answers with respect to GNU/Linux or (and) BSD OS.

@Gilles most of the attacks are specific to a particular OS so it makes sense to obfuscate it. It doesn't prevent the attack but makes it more difficult for the attacker to find a way to get to your machine — 0x1gene, Oct 02 '14 at 17:13

score 1 · Answer 1 · answered Jul 14 '14 at 10:56

You can hide from Telnet by changing the welcome banner of each service you're worried about (some of these will be easy to change, others will be hard).
You can make Nmap's OS detection less reliable by configuring your firewall to drop all packets to closed ports: Nmap works best if it can find both an open port and a closed port to probe.

score 0 · Answer 2 · answered Jul 14 '14 at 10:51

You need to do it case by case for any remote service you expose:

Disable the services you don't use
Hide the version numbers for the services you use (example for a PHP server)

I assume you are trying to avoid leaking information that your server may not be up-to-date or may be vulnerable to a specific zero-day. At the end of the day this won't do much to protect you, adversaries may just learn whether you're vulnerable by attacking directly.

How to hide or obfuscate the type of OS?

2 Answers2