On 30 August 2013 14:19, Joshua Wright <[email protected]> wrote: > Hi Robin, > > On Aug 29, 2013, at 6:57 PM, Robin Wood <[email protected]> wrote: > > > As I asked about recently, I'll soon be testing a NAC type device and so > I was wondering, is there a tool which will let me watch a device then > clone its network fingerprint? By fingerprint I mean things like network > settings such as TTLs but also open ports (probably couldn't spoof the > service but at least open the port). > > > > I know there is a tool that is designed to fool attackers by having a > list of different OS's and you chose which you want to pretend to be but > rather than pick from a list I want to be able to point it at another > machine and say "clone that". > > I don't think that exists. When I want to evade NAC systems, I usually > start with a Scapy-generated 3-way handshake that mimic's an iPad or other > device that I put together manually. > > What do you do for IP? Do you work out what is on the network through passive observation and then pick something that looks appropriate?
Any other suggestions on testing/avoiding NAC? I've not tested with one in action before and don't have anything to practice against. This particular test is to see if it is doing its job properly so specifics on testing a NAC would be good. > > If a tool doesn't exist, and I don't think it will, can someone remind > me of the name of the tool I described above and I'll have a look see if > that can be modified. > > I think you mean OSFuscate by Irongeek: > http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools > . > > Thats the one. Robin > -Josh > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
