CLEANACCESS Archives

October 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From:
"Bruce A. Locke" <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Fri, 20 Oct 2006 12:11:38 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (41 lines)
On Fri, 2006-10-20 at 11:47 -0400, Joe Feise wrote:
> http://www.securityfocus.com/archive/1/444424/30/0/threaded
> It is no surprise that code shows up in the wild. As I said in another
> thread, a reasonably smart computer science student can easily bypass the
> TCP fingerprinting. And it is no surprise either that they help their fellow
> non-CS students to get around the OS detection.
> Our proof-of-concept code changes the TCP parameters to match a Mac, but it
> could be any one of the currently 21 operating systems the underlying
> security cloak tool supports. Or the TCP parameters could be changed
> manually to values that aren't found in any OS.

Sigh, more "security announcements" of things figured out years ago and
not unique to CCA at all.  Modifying TCP stack settings to make an OS
appear to be different to OS fingerprinting techniques is so...  1999
or earlier-ish.  Next you'll rediscover stealing MAC addresses or MAC
address table overloading in switches or other such nonsense...

These are all well known issues that should already be known by any
halfway competent network administrator deploying a NAC solution.
Reasonable solutions that don't involve forcing draconian
processor/kernel level signed code techniques in operating systems or
ditching Ethernet and TCP/IP are outlined in Cisco's response.

The only true solution is people powered and if the admin feels it might
be a problem there are ways to see through what you've outlined.  It is
up to the administrator to decide if it's worth the time to whip out the
cluebat and punish those users for violating the terms of service of the
network.

What exactly is your motivation in being here other than attempting to
stroke your e-peen?

-- 
Bruce A. Locke
[log in to unmask]
HAB 50 - (845) 257-3809

Network Administrator
Computer Services
State University of New York at New Paltz 
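The thread's practical point is that a TCP-stack fingerprint is one claim among several an endpoint makes, and an administrator can "see through" a spoofed one by checking it against independent evidence. The following is an added example, not code from the thread, Cisco Clean Access, or either poster: it cross-checks the OS a posture agent reports against a passive TCP signature and a DHCP vendor class identifier, and flags hosts whose evidence disagrees or whose TCP parameters match no known profile. The signature table, the non-Windows vendor-class strings and every host record are constructed for illustration; only the TTL rounding rule and the "MSFT 5.0" Windows DHCP vendor class are real.

```python
"""Cross-check an endpoint's claimed OS against independent evidence.

Added example, not part of the original mailing-list thread. All
signature values and host records are constructed for illustration and
are not a real fingerprint database.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed passive-fingerprint table: (initial TTL, SYN window) -> OS family.
# Real tables (e.g. p0f's) key on many more fields; these pairs are illustrative.
TCP_SIGNATURES: Dict[tuple, str] = {
    (128, 65535): "windows",
    (128, 8192): "windows",
    (64, 65535): "macos",
    (64, 5840): "linux",
    (64, 29200): "linux",
}

# DHCP option 60 (vendor class identifier) is a second, independent OS hint.
# "MSFT 5.0" is what Windows DHCP clients send; the other entry is constructed.
DHCP_VENDOR_CLASS: Dict[str, str] = {
    "MSFT 5.0": "windows",
    "example-linux-dhcp-client": "linux",  # constructed placeholder
}


def initial_ttl(observed_ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value
    (32, 64, 128, 255), undoing the decrement from intermediate hops."""
    for candidate in (32, 64, 128, 255):
        if observed_ttl <= candidate:
            return candidate
    return 255


@dataclass
class HostObservation:
    ip: str
    agent_os: Optional[str]           # OS family the NAC agent/user reports
    syn_ttl: int                      # TTL seen on the host's outbound SYN
    syn_window: int                   # window size on that SYN
    dhcp_vendor_class: Optional[str]  # option 60 from the host's DHCP request


def passive_os(obs: HostObservation) -> Optional[str]:
    """OS family implied by the TCP signature, or None if it matches nothing."""
    return TCP_SIGNATURES.get((initial_ttl(obs.syn_ttl), obs.syn_window))


def dhcp_os(obs: HostObservation) -> Optional[str]:
    """OS family implied by the DHCP vendor class, or None if unknown/absent."""
    if obs.dhcp_vendor_class is None:
        return None
    return DHCP_VENDOR_CLASS.get(obs.dhcp_vendor_class)


def assess(obs: HostObservation) -> List[str]:
    """Return finding tags for every disagreement between evidence sources.
    An empty list means all available evidence is consistent."""
    findings: List[str] = []
    tcp = passive_os(obs)
    dhcp = dhcp_os(obs)
    if tcp is None:
        # Parameters that match no known OS are themselves suspicious.
        findings.append("tcp-signature-unknown")
    if tcp and obs.agent_os and tcp != obs.agent_os:
        findings.append("agent-vs-tcp-mismatch")
    if tcp and dhcp and tcp != dhcp:
        findings.append("tcp-vs-dhcp-mismatch")
    if dhcp and obs.agent_os and dhcp != obs.agent_os:
        findings.append("agent-vs-dhcp-mismatch")
    return findings


def triage(hosts: List[HostObservation]) -> Dict[str, List[str]]:
    """Map each host IP to its findings; hosts with none are omitted."""
    return {h.ip: assess(h) for h in hosts if assess(h)}


# Constructed sample observations (RFC 5737 documentation addresses).
SAMPLE_HOSTS = [
    # Consistent Windows host: every source agrees.
    HostObservation("192.0.2.10", "windows", 127, 65535, "MSFT 5.0"),
    # Agent and TCP stack both say macOS, but the DHCP client is Windows'.
    HostObservation("192.0.2.11", "macos", 63, 65535, "MSFT 5.0"),
    # TCP parameters that match no profile at all; no other evidence.
    HostObservation("192.0.2.12", None, 60, 12345, None),
]

if __name__ == "__main__":
    for ip, tags in triage(SAMPLE_HOSTS).items():
        print(ip, ",".join(tags))
```

Each finding is a prompt for a human to look, which is the thread's "people powered" point; the script does not decide anything on its own. In a real deployment the TCP side would come from a passive sensor such as p0f and the DHCP side from the DHCP server's logs, and a richer signature table would replace the constructed one.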
