RE: TCP timestamp & advanced fingerprinting

From: Bruce Klein (bruce.klein_at_iovation.com)
Date: 03/25/05

  • Next message: cyber_flash_at_hotmail.com: "Brute-Force scanning the entire 32-bit IP space using Javascript." 
    Date: Fri, 25 Mar 2005 12:34:51 -0800
To: "Erwan Arzur" <erwan@lse.epita.fr>, <bugtraq@securityfocus.com>

    How does this compare with [Prs2002] Clock Deviation/Skew as a
    Forensics/Tracking Tool research done by Tadayoshi Kohno.

    http://www.cse.ucsd.edu/users/tkohno/

    Bruce Klein
    iovation, Inc.

    -----Original Message-----
    From: Erwan Arzur [mailto:erwan@lse.epita.fr]
    Sent: Friday, March 25, 2005 6:05 AM
    To: bugtraq@securityfocus.com
    Subject: TCP timestamp & advanced fingerprinting

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hello,

    attached is a paper from one of our students about using the TCP
    timestamps in TCP headers as a fingerprinting tip, which can ultimately
    be used for mapping networks behind firewalls.

    Erwan Arzur
    EPITA/EPITECH systems Laboratory
    http://www.lse.epita.fr/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (FreeBSD)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFCRBp5tchshDF9KNYRApEaAJ9Cx+AfvdFyHMll4nBo3ZCrPRzK8ACfasSP
    Wkx5F+xTG9+BGD/wmWFeOBM=
    =2T62
    -----END PGP SIGNATURE-----
      

    The information contained in this email message may be privileged, confidential and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this email message in error, please notify the sender by reply email and delete the message and any attachments.

  • Next message: cyber_flash_at_hotmail.com: "Brute-Force scanning the entire 32-bit IP space using Javascript."

    Relevant Pages

    • Re: Help with Iptables on with RH linux
      ... If it was supposed to be tcp, I have reservations about that too. ... OUTPUT is the first chain that packets originating on your firewall will ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org ...
      (RedHat)
    • Re: TCP/IP questions
      ... Can you change the timeout for a tcp connection? ... the delay as far as TCP is concerned the connection was never lost.... ... That request is oxymornic in the sense that the only diff between udp ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
      (freebsd-questions)