fix(os_fingerprint): set ip_no_pmtu_disc=1 for windows to eliminate TI=Z

When ip_no_pmtu_disc=0 the Linux kernel sets DF=1 on TCP packets and uses IP ID=0 (RFC 6864). nmap's TI=Z fingerprint has no Windows match in its DB, causing 91% confidence guesses of 'Linux 2.4/2.6 embedded' regardless of TTL being 128. Setting ip_no_pmtu_disc=1 allows non-zero IP ID generation. Trade-off: DF bit is not set on outgoing packets (slightly wrong for Windows) but TI=Z is far more damaging to the spoof than losing DF accuracy.
2026-04-10 16:19:32 -04:00
parent 5fdfe67f2f
commit b1f6c3b84a
2 changed files with 5 additions and 3 deletions
--- a/decnet/os_fingerprint.py
+++ b/decnet/os_fingerprint.py
@@ -48,7 +48,7 @@ OS_SYSCTLS: dict[str, dict[str, str]] = {
        "net.ipv4.tcp_window_scaling": "1",
        "net.ipv4.tcp_sack": "1",
        "net.ipv4.tcp_ecn": "0",
-        "net.ipv4.ip_no_pmtu_disc": "0",
+        "net.ipv4.ip_no_pmtu_disc": "1",   # avoid TI=Z: forces non-zero IP IDs
        "net.ipv4.tcp_fin_timeout": "30",
    },
    "bsd": {