RE: Application-based fingerprinting ?

From: Skyler King (sking@zonelabs.com)
Date: 02/04/03

  • Next message: Eugene Tsyrklevich: "Re: Application-based fingerprinting ?"
    From: Skyler King <sking@zonelabs.com>
    To: "'Anders Thulin'" <Anders.Thulin@kiconsulting.se>, pen-test@securityfocus.com
    Date: Tue, 4 Feb 2003 10:41:33 -0800 
    
    

    One that I am aware of:

    "Detecting and Defending against Web-Server Fingerprinting" discusses
    methods of fingerprinting web servers.

    http://www.acsac.org/2002/abstracts/96.html

    sky

    > -----Original Message-----
    > From: Anders Thulin [mailto:Anders.Thulin@kiconsulting.se]
    > Sent: Monday, February 03, 2003 11:22 PM
    > To: pen-test@securityfocus.com
    > Subject: Application-based fingerprinting ?
    >
    >
    > Hi!
    >
    > Fingerprinting a TCP stack seems a fairly well understood
    > technique by now, and there are several tools, more or less
    > developed, for the task: nmap, ring, ICMP-based techniques, etc.
    >
    > A recent glance over the output from a dozen different
    > finger servers suggests that fingerprinting might be done
    > fairly well on application level, too, although possibly not
    > always as exactly as for TCP/IP-based techniques:
    > applications are easier to move around than TCP stacks are.
    >
    > Have there been any attempts to explore this area further?
    > I've googled around, but not found anything obvious, except
    > for observations of some fingerprints, such as responses to
    > DNS SERVER_STATUS_REQUEST (a few respond with something else
    > than 'not implemented'), and so on.
    >
    > --
    > Anders Thulin anders.thulin@kiconsulting.se 040-661 50 63
    > Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
    >
    >
    > --------------------------------------------------------------
    > --------------
    > This list is provided by the SecurityFocus Security
    > Intelligence Alert (SIA) Service. For more information on
    > SecurityFocus' SIA service which automatically alerts you to
    > the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/



    Relevant Pages

    • Re: Application-based fingerprinting ?
      ... > Fingerprinting a TCP stack seems a fairly well understood technique ... > SecurityFocus' SIA service which automatically alerts you to the ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Application-based fingerprinting ?
      ... Fingerprinting a TCP stack seems a fairly well understood technique by ... nmap, ring, ICMP-based techniques, etc. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Re: Application-based fingerprinting ?
      ... > Fingerprinting a TCP stack seems a fairly well understood technique by ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • Re: Application-based fingerprinting ?
      ... > Fingerprinting a TCP stack seems a fairly well understood technique by ... This list is provided by the SecurityFocus Security Intelligence Alert ...
      (Pen-Test)
    • RE: MS Office Files
      ... You are trying to trace back to a particular machine I ... > This list is provided by the SecurityFocus Security ... > Intelligence Alert Service. ... > SecurityFocus' SIA service which automatically alerts you to ...
      (Pen-Test)