What is so great about it? Well, have you heard of OS fingerprinting, also called TCP/IP stack fingerprinting? Those who practice security couldn’t imagine a life without nmap. Yeah, that line is familiar…

Many of these tools work by looking at differences between TCP/IP stacks. The RFCs for TCP/IP define fields such as TTL, window size, MTU etc. but do not mandate default values, hence different OS implementations have adopted different values. What does that make easy? Recon… Just a ping packet would let one know the TTL value, and similar correlations across many parameters would yield the OS in place without much trouble.

Operating System Obfuscation is a method by which you change those parameters on the OS so that it looks like a totally different operating system!

If you do not want much technical detail on how to do it (although I must say it is a piece of cake), you could use a tool to configure it.

{Sec_Cloak}

Test it out yourselves:

1. First do an nmap scan [ nmap -O2 <target_ip> ] => See the OS guesses.

2. Run Sec_Cloak on the machine and set it to appear as some linux flavor.

3. Repeat the first step and watch the OS guess.

   You’d get it by then….
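To see what the before/after comparison in the steps above rests on, here is an added example (not part of the original post and not Sec_Cloak's code) that parses the TTL, DF bit and window size from a raw IPv4/TCP reply and checks whether the TTL-based guess changed. The sample packets are constructed, and the TTL-to-OS table holds commonly cited defaults used here as an assumption.

```python
import struct

# Commonly cited default initial TTLs (illustrative assumption; these values
# are tunable, which is exactly what OS obfuscation changes).
TTL_FAMILIES = {64: "Linux/Unix-like", 128: "Windows", 255: "Solaris/network device"}

def build_sample(ttl: int, window: int) -> bytes:
    """Constructed IPv4+TCP SYN/ACK reply (checksums left at 0, documentation IPs)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIHHHH", 80, 40000, 0, 1, 0x5012, window, 0, 0)
    return ip + tcp

def parse_fields(packet: bytes) -> dict:
    """Pull the stack-dependent fields out of a raw IPv4+TCP packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    (window,) = struct.unpack("!H", packet[ihl + 14:ihl + 16])
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000), "window": window}

def initial_ttl(observed: int) -> int:
    """Each router hop decrements TTL, so round up to the nearest common default."""
    return next(t for t in (64, 128, 255) if observed <= t)

def guess_family(packet: bytes) -> str:
    """Map the inferred initial TTL to an OS family from the table above."""
    return TTL_FAMILIES[initial_ttl(parse_fields(packet)["ttl"])]

def cloak_took_effect(before: bytes, after: bytes) -> bool:
    """True when the observable guess differs between the two captures."""
    return guess_family(before) != guess_family(after)

if __name__ == "__main__":
    before = build_sample(ttl=119, window=8192)  # constructed: 9 hops below 128
    after = build_sample(ttl=55, window=5840)    # constructed: 9 hops below 64
    for label, pkt in (("before", before), ("after", after)):
        print(label, parse_fields(pkt), "->", guess_family(pkt))
    print("guess changed:", cloak_took_effect(before, after))
```

TTL alone is a coarse signal; nmap combines many more probes, so treat this as a quick sanity check on a capture of your own host rather than a replacement for the scan in step 3.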