Fool Remote Operating System Detection Software

Evade remote OS detection attempts by disguising your TCP/IP stack.

Another method to thwart operating system detection attempts is to modify the behavior of your system’s TCP/IP stack and make it emulate the behavior of another operating system. This may sound difficult, but can be done fairly easily in Linux by patching your kernel with code available from the IP Personality project ( This code extends the kernel’s built-in firewalling system, Netfilter, as well as its user-space component, the iptables command.

To set up IP Personality, download the package that corresponds to your kernel. If you can’t find the correct one, visit the SourceForge patches page for the project (, which usually has more recent kernel patches available.

To patch your kernel, unpack the IP Personality source distribution and go to the directory containing your kernel source; then run the patch command:

# cd /usr/src/linux
# patch -p1 < \ 

If you are using a patch downloaded from the patches page, just substitute it in your patch command. To verify that the patch has been applied correctly, you can run this command:

# find ./ -name \*.rej

If the patch was applied correctly, this command should not find any files.

Now that the kernel is patched, you will need to configure the kernel for ...

Get Network Security Hacks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.