Using ipfilter to alter nmap OS detection results

nmap is often used to perform OS detection on remote systems if it cannot be determined by other means. It sends tcp packets which have problems and detects how each handles the errors. By tweaking things in ipflter we can trick nmap into thinking it is dealing with some other OS or be less certain about it’s guess. Some additional resource are usually available in the OS sysctl variables (FreeBSD) and ndd settings (solaris) to help control things also.

Read post