# nmap (V. 3.10ALPHA4) scan initiated Wed Feb 19 20:26:52 2003 as: nmap −sS −O −oN nmap1.log 19
Interesting ports on 192.168.0.19:
(The 1597 ports scanned but not shown below are in state: closed)
Port
State
Service
22/tcp
open
ssh
25/tcp
open
smtp
80/tcp
open
http
143/tcp
open
imap2
Remote operating system guess: Linux Kernel 2.4.0 − 2.5.20
Uptime 106.832 days (since Tue Nov 5 00:29:33 2002)
# Nmap run completed at Wed Feb 19 20:26:58 2003 −− 1 IP address (1 host up) scanned in 7.957 s
voodoo:~/ippersonality−20020819−2.4.19/samples#/usr/local/sbin/iptables −t mangle −A PREROUTING
voodoo:~/ippersonality−20020819−2.4.19/samples#/usr/local/sbin/iptables −t mangle −A OUTPUT −s
voodoo:~/ippersonality−20020819−2.4.19/samples#/usr/local/sbin/iptables −L −t mangle
Chain PREROUTING (policy ACCEPT)
target
prot opt source
destination
PERS
all
192.168.0.50
192.168.0.19
tweak:dst local id:Dreamcast
Chain INPUT (policy ACCEPT)
target
prot opt source
destination
Chain FORWARD (policy ACCEPT)
target
prot opt source
destination
Chain OUTPUT (policy ACCEPT)
target
prot opt source
destination
PERS
all
192.168.0.19
192.168.0.50
tweak:src local id:Dreamcast
Chain POSTROUTING (policy ACCEPT)
target
prot opt source
destination
# nmap (V. 3.10ALPHA4) scan initiated Wed Feb 19 21:49:18 2003 as: nmap −sS −O −oN nmap2.log 19
Interesting ports on 192.168.0.19:
(The 1597 ports scanned but not shown below are in state: closed)
Port
State
Service
22/tcp
open
ssh
25/tcp
open
smtp
80/tcp
open
http
143/tcp
open
imap2
Remote operating system guess: Sega Dreamcast

# Nmap run completed at Wed Feb 19 21:49:23 2003 −− 1 IP address (1 host up) scanned in 5.886 s
/* Our new OS identification */
id "Dreamcast";
/* only incoming packets will be mangled and TCP window sizes will not be changed*/
tcp {
incoming yes;
outgoing no;
max−window 32768;
}
/* We need to emulate the Dreamcast ISN time dependant generator; this can be done with the fix
tcp_isn {
type fixed−inc 2;
initial−value random;
}
tcp_options {
keep−unknown yes;
keep−unused no;
isolated−packets yes;
code { copy(mss); }
}
/* now we have to follow nmap Dreamcast signature and answer like a Dreamcast */
tcp_decoy {
code {
if (option(mss)) { /* nmap has mss on all of its pkts */
set(df, 0);
if (listen) {
if (flags(syn&ece)) { /* nmap test 1 */
set(win, 0x1D4C);
set(ack, this + 1);
set(flags, ack|syn);
insert(mss, this+1);
reply;
}
if (flags(null)) { /* nmap test 2 */
set(win, 0);
set(ack, this);
set(flags, ack|rst);
reply;
}
if (flags(syn&fin&urg&push)) { /* nmap test 3 */
set(win, 0x1D4C);
set(ack, this + 1);
set(flags, ack|syn);
insert(mss, this+1);
reply;
}
if (ack(0) && flags(ack) && !flags(syn|push|urg|rst)) { /* nmap test 4 */
set(win, 0);
set(ack, this);
set(flags, rst);
reply;
}
} else {
set(win, 0);
if (flags(syn) && !flags(ack)) { /* nmap test 5 */
set(ack, this);
set(flags, ack|rst);
reply;
}
if (ack(0) && flags(ack) && !flags(syn|push|urg|rst)) { /* nmap test 6 */
set(ack, this);
set(flags, rst);
reply;
}
if (flags(fin&push&urg)) { /* nmap test 7 */
set(ack, this + 1);
set(flags, ack|rst);
reply;
}
}
}
}
}
/* No ICMP resonse for connections to closed UDP ports */
udp_unreach {
reply no;
df no;
max−len 56;
tos 0;
mangle−original {
ip−len 32;
ip−id same;
ip−csum zero;
udp−len 308;
udp−csum same;
udp−data same;
}
}

Advertisements