如何对端口扫描隐藏Linux版本？

Question

在扫描服务器端口时，如何隐藏运行的Linux版本？

当我从外部映射服务器的ip (nmap‘’ed(nmap -A -T4 192.168.40.12)时，结果是：

Starting Nmap 4.62 ( http://nmap.org ) at 2009-11-07 11:27 IRST
LUA INTERPRETER in nse_init.cc:763: /usr/share/nmap/scripts/robots.nse:4: module 'http' not found:
 no field package.preload['http']
 no file '/usr/share/nmap/nselib/http.lua'
 no file './http.lua'
 no file '/usr/local/share/lua/5.1/http.lua'
 no file '/usr/local/share/lua/5.1/http/init.lua'
 no file '/usr/local/lib/lua/5.1/http.lua'
 no file '/usr/local/lib/lua/5.1/http/init.lua'
 no file '/usr/lib/nmap/nselib-bin/http.so'
 no file './http.so'
 no file '/usr/local/lib/lua/5.1/http.so'
 no file '/usr/local/lib/lua/5.1/loadall.so'
SCRIPT ENGINE: Aborting script scan.
Interesting ports on 192.168.40.12:
Not shown: 1710 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 3.9p1 (protocol 1.99)
53/tcp   open  domain  dnsmasq 2.47
80/tcp   open  http    Apache httpd
222/tcp  open  ssh     OpenSSH 3.9p1 (protocol 1.99)
8081/tcp open  http    CherryPy httpd 2.3.0
MAC Address: 00:10:F3:0F:59:B7 (Nexcom International Co.)
Device type: firewall
Running: IPCop Linux 2.4.X
OS details: IPCop firewall 1.4.10 - 1.4.15 (Linux 2.4.31 - 2.4.34)
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.180 seconds

我不希望操作系统的细节被显示。我使用的是IPCop防火墙。

谢谢。

Answer 1

我修改/etc/sysctl.conf

并添加以下一行：

net.ipv4.ip_default_ttl = 199

保存/退出

Answer 2

nmap使用TCP/IP堆栈的特性(除其他外)猜测在目标主机上运行的操作系统。除了改变Linux的TCP/IP堆栈的工作方式之外，您无法阻止这一点。

nmap操作系统检测的详细信息：

• http://nmap.org/book/osdetect.html
• 理解Nmap指纹
• OS匹配算法

此外，被动操作系统指纹工具( 自述文件 )的p0f也可以为您提供一个如何工作的线索。