IP Personality

What is it? How does it work?

The Linux IP Personality patch adds to your Linux 2.4 kernel the ability to have different network 'personalities', that is, to change some characteristics of its network traffic depending on different parameters (anything you can specify in an iptables rule: src/dst IP address, TCP or UDP port, etc.).

The characteristics that can be changed are:

  • TCP Initial Sequence Number (ISN)
  • TCP initial window size
  • TCP options (their types, values and order in the packet)
  • IP ID numbers
  • answers to some pathological TCP packets
  • answers to some UDP packets

They are deeply configurable.
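To make the list concrete, the following added example (not code from the IP Personality project) reads the IP ID, ISN, initial window and TCP option layout out of a single reply, which is how a remote observer sees them and how you can check what a host exposes before and after a rewrite rule. The function names and the sample SYN/ACK are constructed for illustration.

```python
import struct

# Names for common TCP option kinds that carry a length byte.
OPTION_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERM", 8: "TIMESTAMP"}

def parse_options(raw):
    """Return the TCP options as an ordered list of (name, value bytes)."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP, a single padding byte
            opts.append(("NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("truncated or malformed TCP option")
        length = raw[i + 1]
        opts.append((OPTION_NAMES.get(kind, f"KIND{kind}"), raw[i + 2:i + length]))
        i += length
    return opts

def observable_fields(packet):
    """Extract IP ID, ISN, window and option layout from raw IPv4+TCP bytes."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not a complete IPv4 packet carrying TCP")
    data_off = (packet[ihl + 12] >> 4) * 4
    if data_off < 20 or len(packet) < ihl + data_off:
        raise ValueError("bad TCP data offset")
    opts = parse_options(packet[ihl + 20:ihl + data_off])
    return {
        "ip_id": struct.unpack_from("!H", packet, 4)[0],
        "isn": struct.unpack_from("!I", packet, ihl + 4)[0],
        "window": struct.unpack_from("!H", packet, ihl + 14)[0],
        "options": [name for name, _ in opts],
    }

# Constructed sample SYN/ACK (documentation addresses, checksums left at zero).
OPTIONS = bytes.fromhex("020405b4" "0402" "080a0000006400000000" "01" "030307")
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1A2B, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
TCP_HDR = struct.pack("!HHIIHHHH", 80, 40000, 0x12345678, 1, (10 << 12) | 0x012, 5792, 0, 0)
SAMPLE_SYNACK = IP_HDR + TCP_HDR + OPTIONS

if __name__ == "__main__":
    print(observable_fields(SAMPLE_SYNACK))
```

The window and the option order are properties of the replying stack, while the ISN and IP ID only show a pattern across several replies.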

This patch relies on the wonderful framework created by Rusty Russell: netfilter. More precisely, the patch adds a new iptables target (in a kernel module) that can be used in the mangle table with a (patched) iptables. This target is very configurable. See the documentation section for more details on how it works.

Why would you need this?

If you ask this, then you don't. ;-)

The primary objective of this patch is to counter network fingerprinting techniques, as described in Fyodor's article.

Fyodor is the author of nmap, the famous port scanner that has a powerful remote OS detection engine. IP Personality can fool current versions of nmap, and is very configurable, so that it can probably fool any similar tool. The patch allows one to emulate the behaviour of any system listed in nmap's list of OS fingerprints. Some of its features can even be applied to routed traffic, and thus disturb scans directed to machines that are behind it. Some features (e.g. TCP ISN rewriting) can also be used to improve overall network security.

Authors and license

The IP Personality patch has been developed by Gaël Roualland and Jean-Marc Saffroy, as an end-of-studies project at ENSEIRB (French engineering school in computer science), under the direction of Anne Facq (CRPP) and Laurent Facq (REAUMUR/Universite Bordeaux I).

It is placed under the GNU General Public License (GPL).

The project is being hosted on SourceForge, which provides all the developer facilities (project page).