Re: Application-based fingerprinting ?
From: Bill Pennington (billp@boarder.org)
Date: 02/04/03
- Previous message: Chris Reining: "Re: Application-based fingerprinting ?"
- In reply to: Anders Thulin: "Application-based fingerprinting ?"
- Next in thread: Joris De Donder: "Re: Application-based fingerprinting ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 Feb 2003 10:18:47 -0800 To: Anders Thulin <Anders.Thulin@kiconsulting.se> From: Bill Pennington <billp@boarder.org>
Jeremiah Grossman did a talk at BlackHat Singapore on Web Server
fingerprinting. You can find it here -
http://www.whitehatsec.com/presentations.html
I also recall a tool that did the same for BIND servers but I can't
remember its name right now.
On Monday, February 3, 2003, at 11:22 PM, Anders Thulin wrote:
> Hi!
>
> Fingerprinting a TCP stack seems a fairly well understood technique
> by
> now, and there are several tools, more or less developed, for
> the task: nmap, ring, ICMP-based techniques, etc.
>
> A recent glance over the output from a dozen different finger
> servers suggests that fingerprinting might be done fairly well on
> application level, too, although possibly not always as exactly as
> for TCP/IP-based techniques: applications are easier to move around
> than TCP stacks are.
>
> Have there been any attempts to explore this area further?
> I've googled around, but not found anything obvious, except
> for observations of some fingerprints, such as responses to
> DNS SERVER_STATUS_REQUEST (a few respond with something else
> than 'not implemented'), and so on.
>
> --
> Anders Thulin anders.thulin@kiconsulting.se 040-661 50 63
> Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
>
>
> -----------------------------------------------------------------------
> -----
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see:
> https://alerts.securityfocus.com/
>
>
--- Bill Pennington, CISSP, CCNA Senior Information Security Engineer WhiteHat Security Inc. http://www.whitehatsec.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
- Next message: Rod Strader: "Routes that are susceptible to SNMP"
- Previous message: Chris Reining: "Re: Application-based fingerprinting ?"
- In reply to: Anders Thulin: "Application-based fingerprinting ?"
- Next in thread: Joris De Donder: "Re: Application-based fingerprinting ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
