Fingerprint package

Hello, openwrt!I have tp-link wr1043n v5. Today I used it as proxy and got next problem:65
This image was created from several fingerprints-check sites. Dropbear was used, proxy redirecting getting from Birvise Ssh client. I am working with Adwords and time-by-time should to use proxy. So, is any opportunity to change this? Should I to check the kernel or something?

Best regards,
Kevin

And the issue is...?

1 Like

I need to change fingerprint from linux to any I want (Windows, for example), because Adwords is very skeptical of such a phenomenon:))

Which proxy are you using? Does it identify itself?

Its classical ssh
Yes, it does(identify), because of linux distributive. So, I heard, that Linux fingerprint can be changed, but how?

So, looks like they are fingerprinting the kernel... sorry, but I do not know how to do that.

I'd assume that port 22 is open and they portscan your network and get the fingerprint that way. Close all ports via WAN (except SSH) and change SSH port to some random but big number and it should prevent fingerprinting...

Closed already. Ssh port is 22022, no other port is opened. Probably, it seems really kernel attribute:((

https://ipleak.net/ - compare results with and without poxy and find the difference.

No difference is there. I am always checking my ip on whatleaks.com (much of most accurate) and I can see next:
1 2
1st image - ssh on, 2nd - ssh off. Its linux attribute and I heard that it can be fixed by changing the kernel parametres (ImageBuilder or custom package)

http://lcamtuf.coredump.cx/p0f3/
So you need to compare your PC and router fingerprints.
And then hack your router to match PC fingerprint.
I'm not sure it's feasible without kernel and network stack patching...

It becomes more interesting , waow
So, I will be looking in that way
Thanks!

By "passive OS fingerprint" I understand that they do not probe for open ports, just analyze the packets received... this is not going to be easy.

1 Like

"Not easy" is perhaps an understatement. The TCP/IP stacks have certain behaviors that "fingerprint" them and can't be overridden through configuration alone. See, for example

3 Likes

so, I need to change somehow packet size?

What you are asking to do changes the TCP/IP stack of the kernel in very fundamental ways. It is not something that is easily undertaken, even by those intimately familiar with how TCP/IP works and with the specific implementation in the kernel. Any changes at such a low level would require extensive testing to ensure that TCP/IP had not been broken in some unexpected way.

"Privacy extensions" have been proposed and implemented for some older protocols that have significant weaknesses or releases of information. What is the concern that you have?

I just wanted to know, how easy or hard it can be. Also, I really like to do smthing, kind of network enthusiast:)
Got it, thanks for your answers and supporting!

Passive Fingerprint is like watching the traffic from your computer and deciding what kind of computer you have because of things like:

  1. Timing of ACKS
  2. Behavior of TCP Window
  3. Choice of TCP Options
  4. Congestion Control Algorithm in use
  5. etc etc etc

So, if you completely reimplement the networking stack of Linux from scratch, then yes, you can make it work like Windows and then passive fingerprinting will decide you are a windows machine.

In other words, no.

1 Like