Is there ANY way someone can tell i run linux over this network?


Duh
08-28-2001, 05:54 PM
linux is not allowed. period.
I'm not running windows for them
so is there any way at all that someone can tell you run linux?
Novell network, using DHCP. they do have the hardware address for the NIC.
I'm trying to close the two ports I saw open, printer and X.
what about the RedHat release file that packages look at to see what release you have?

anything else I need to be careful of?

Choozo
08-28-2001, 06:05 PM
The HTTP_USER_AGENT may give you away when using i.e. Netscape. I know you can customize this parameter in Opera, and maybe also in Mozilla?

Was any reason given for 'banning' Linux on your network :confused:

Cheers :)

Duh
08-28-2001, 06:07 PM
Originally posted by Choozo:
> The HTTP_USER_AGENT may give you away when using i.e. Netscape. I know you can customize this parameter in Opera, and maybe also in Mozilla?
>
> Was any reason given for 'banning' Linux on your network :confused:
>
> Cheers :)

I think the reason is they don't want to support it, but from someone else who's been on it awhile, he said they actually get pretty mean about it anyways.

bdg1983
08-28-2001, 06:22 PM
You shouldn't have to worry about Novell unless you plan on using a nwclient for Linux which would include ipx and ncpfs.

If you just install Redhat and setup using dhcp, you should be ok.

Now if they have Unix nodes and you have chooser broadcast enabled in /etc/X11/gdm/Xaccess then they may be able to detect your Linux installation.

OliverW
08-28-2001, 06:37 PM
If they do a portscan with a TCP/IP fingerprint of OS's they figure it out in no time.

Duh
08-28-2001, 08:41 PM
what if i ran vmware on with windows, and used windows to do network things, login, etc?
would samba do any good?

Rob 'Feztaa' Park
08-28-2001, 09:29 PM
nmap's -O option will betray your OS, but only if you have the right ports open. The trick is to trick -O into thinking you run windows. This is easy, run a null daemon (a server that does nothing) on port 139 (NetBIOS), and any attempts to discover your OS should report you using windows. Make sure you don't run any actual servers though, if you do it might give you away (your sysadmin would get mighty suspicious of you if he logged into your port 25 and saw you were running sendmail, a *nix-only program).

Also, don't use Opera. Opera lets you change the HTTP_USER_AGENT, but it will still say you are using linux (If you tell it to mask you as IE5, your user agent string will be really lame. I don't remember exactly, but it'll be something that basically looks like "MSIE5.0, on Linux... no wait, it's Opera!"). I'm pretty sure Mozilla lets you actually edit the string, so you can get the string from some windows user and make Mozilla look exactly the same. Then every website you visit would think you are running IE5 (or whatever) on Windows.

I think that about covers it.

Malakin
08-29-2001, 12:59 AM
If there was a *smart* person looking over the network looking for a non windows computer they would probably find you no matter what you did, I know I would, the only exception is if you ran vmware on a win2k and ran linux on that but then you wouldn't really be running linux you'd be running win2k :)

If there aren't any smart people doing this I wouldn't worry about it after the precautions you've taken.

dvdnut
08-30-2001, 10:50 AM
why don't you have ipchains running and have it block all except the necessary ports.

or have the same ports open as a windows box would have.

don't run apache/sendmail/wuftp if you don't wanna get caught

what kind of work do you do?

Craig McPherson
08-30-2001, 07:59 PM
Originally posted by Rob 'Feztaa' Park:
> (your sysadmin would get mighty suspicious of you if he logged into your port 25 and saw you were running sendmail, a *nix-only program)

Somebody ported Sendmail to Windows. It's pretty easy to do with Cygwin.

Pretty horrible, I know. We live in a screwed-up world.

That was just a side note. Anyway, I wouldn't worry too much. I seriously doubt that any serious effort is going to go into doing OS fingerprinting of all the machines on the network. Probably the admin just doesn't want people calling the help desk saying "How do I get my mouse to work in X??" Admins also use the excuse that they don't want people hosting child-porn FTP and HTTP servers on the school network, and of course, we ALL know that there's no way to run an FTP or HTTP server on Windows, right? Anyway, people are stupid.

> this is easy, run a null daemon (a server that does nothing) on port 139 (NetBIOS), and any attempts to discover your OS should report you using windows.

Is any OS fingerprinting system so stupid that it would do that? NMAP's sure isn't. If it was, any machine running Samba would be a Windows machine. There may be some really, really, stupid OS fingerprinters out there, but NMAP isn't one.

If you want the real truth from the real author of NMAP (who I think might know a bit about how NMAP's OS fingerprinting works), read the de-facto article on OS fingerprinting (http://www.insecure.org/nmap/nmap-fingerprinting-article.html) by Fyodor, author of NMAP.

OS fingerprinting uses things like ICMP error rate quenching, ICMP message quoting, the way fragmented and other malformed packets are handled, and many, many other things -- it has nothing to do with what ports are open.

Jeez.
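
Added example, not part of the original thread: a small Python sketch of the point made in the last post, that a fingerprinter keys on how the TCP/IP stack builds its packets and not on which port answered. The signature table, the sample SYN-ACK packets and all function names are constructed for illustration and are far simpler than nmap's actual tests.

```python
import struct

# Assumed, simplified signatures for this example (not nmap's database):
# (initial TTL, TCP option order in a SYN-ACK) -> OS family.
SIGNATURES = {
    (64, ("MSS", "SACK", "TS", "NOP", "WS")): "Linux-like",
    (128, ("MSS", "NOP", "NOP", "SACK")): "Windows-like",
}
OPT_NAMES = {1: "NOP", 2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common starting value."""
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

def tcp_option_order(opts):
    """Walk the TCP options area and return the option kinds in order."""
    order, i = [], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 = end of list
        kind = opts[i]
        order.append(OPT_NAMES.get(kind, str(kind)))
        if kind == 1:                          # NOP has no length byte
            i += 1
        elif i + 1 < len(opts) and opts[i + 1] >= 2:
            i += opts[i + 1]
        else:
            break                              # malformed option: stop
    return tuple(order)

def classify(packet):
    """Return (source port, OS guess) for one raw IPv4+TCP SYN-ACK."""
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    sport = struct.unpack("!H", tcp[:2])[0]
    opts = tcp[20:(tcp[12] >> 4) * 4]
    key = (initial_ttl(packet[8]), tcp_option_order(opts))
    return sport, SIGNATURES.get(key, "unknown")   # port is not in the key

def build_synack(ttl, opts, sport=139):
    """Constructed sample reply from port 139 (checksums left as zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts), 0, 0,
                     ttl, 6, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", sport, 40000, 1, 2,
                      ((20 + len(opts)) // 4) << 4, 0x12, 5840, 0, 0)
    return ip + tcp + opts

LINUX_OPTS = bytes([2, 4, 5, 0xB4, 4, 2, 8, 10, 0, 0, 0, 1, 0, 0, 0, 0, 1, 3, 3, 0])
WINDOWS_OPTS = bytes([2, 4, 5, 0xB4, 1, 1, 4, 2])

if __name__ == "__main__":
    print([classify(build_synack(t, o)) for t, o in ((64, LINUX_OPTS), (128, WINDOWS_OPTS))])
```

Both sample replies come from port 139, yet they classify differently because only the TTL and the option layout feed the lookup.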