fooling nmap

[vxp]

On Sat, 4 Sep 2004, Colin Alston wrote:

> My point was if it provides no security, then there is no point to it at
> all.
oh, but it does. it prevents them from gathering accurate information
about your system. that's an extremely important part of the attack.

> Most attackers are going to exploit things at a service level
> anyway. What is the point of changing the fingerprint?
ok, say your apache is vulnerable to whatever. an exploit for that apache
under linux is one thing, under freebsd is another, under windows another,
etc. the 'service level' won't work, if you got the OS wrong. there's very
very few cross-platform vulnerabilities that share the _same_ exploit code
on _all_ platforms. actually, there's not a 'few'. there's none.

> Change it to
> Windows and attract more attension? Or just so that people attempt the
> wrong attacks.

wrong attacks, yes. wrong attacks = no intrusion.