OSfuscate: Change your Windows OS TCP/IP Fingerprint to confuse P0f, NetworkMine

[fraggle]

      I was wondering awhile back how one could go about changing the OS fingerprint of a Windows box to confuse tools like Nmap, P0f, Ettercap and NetworkMiner. I knew there were registry setting you could change in Windows XP/Vista that would let you reconfigure how the TCP/IP stack works, thus changing how the above tools would detect the OS.  I wasn't sure what all registry changes to make, but luckily I found Craig Heffner's tool Security Cloak ( sec_cloak.exe ) and by looking at it's source I was able to figure out what to do.  The needed IP stack changes were hardcoded into Security Cloak, but for my tool I decided to make it easier to update by allowing the user to add new OS fingerprint profiles as ini files. Yes, I know this is security through obscurity and the attacker can still probably figure out the OS on a box by other means, but I still think it's kind of cool to play with.

http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools

[swytch]

Nice..