Application-based fingerprinting ?

From: Anders Thulin (
Date: 02/04/03

  • Next message: Nicob: "Re: Identify OS?"
    Date: Tue, 04 Feb 2003 08:22:02 +0100
    From: Anders Thulin <>


       Fingerprinting a TCP stack seems a fairly well understood technique by
    now, and there are several tools, more or less developed, for
    the task: nmap, ring, ICMP-based techniques, etc.

       A recent glance over the output from a dozen different finger
    servers suggests that fingerprinting might be done fairly well on
    application level, too, although possibly not always as exactly as
    for TCP/IP-based techniques: applications are easier to move around
    than TCP stacks are.

       Have there been any attempts to explore this area further?
    I've googled around, but not found anything obvious, except
    for observations of some fingerprints, such as responses to
    DNS SERVER_STATUS_REQUEST (a few respond with something else
    than 'not implemented'), and so on.

    Anders Thulin   040-661 50 63	
    Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see: