Re: Application-based fingerprinting ?

From: Bill Pennington (billp@boarder.org)
Date: 02/04/03

  • Next message: Rod Strader: "Routes that are susceptible to SNMP"
    Date: Tue, 4 Feb 2003 10:18:47 -0800
    To: Anders Thulin <Anders.Thulin@kiconsulting.se>
    From: Bill Pennington <billp@boarder.org>
    
    

    Jeremiah Grossman did a talk at BlackHat Singapore on Web Server
    fingerprinting. You can find it here -
    http://www.whitehatsec.com/presentations.html

    I also recall a tool that did the same for BIND servers but I can't
    remember its name right now.

    On Monday, February 3, 2003, at 11:22 PM, Anders Thulin wrote:

    > Hi!
    >
    > Fingerprinting a TCP stack seems a fairly well understood technique
    > by
    > now, and there are several tools, more or less developed, for
    > the task: nmap, ring, ICMP-based techniques, etc.
    >
    > A recent glance over the output from a dozen different finger
    > servers suggests that fingerprinting might be done fairly well on
    > application level, too, although possibly not always as exactly as
    > for TCP/IP-based techniques: applications are easier to move around
    > than TCP stacks are.
    >
    > Have there been any attempts to explore this area further?
    > I've googled around, but not found anything obvious, except
    > for observations of some fingerprints, such as responses to
    > DNS SERVER_STATUS_REQUEST (a few respond with something else
    > than 'not implemented'), and so on.
    >
    > --
    > Anders Thulin anders.thulin@kiconsulting.se 040-661 50 63
    > Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
    >
    >
    > -----------------------------------------------------------------------
    > -----
    > This list is provided by the SecurityFocus Security Intelligence Alert
    > (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please
    > see:
    > https://alerts.securityfocus.com/
    >
    >

    ---
    Bill Pennington, CISSP, CCNA
    Senior Information Security Engineer
    WhiteHat Security Inc.
    http://www.whitehatsec.com
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
    


    Relevant Pages

    • Re: Fingerprinting Windows O/S based on ports open?
      ... finger printing by open default ports is not always ... OS fingerprinting is not as plain and claer cut as it was perhaps a few ... settings in tcp packets. ... >> Looking for a better way to manage your IP security? ...
      (Pen-Test)
    • Re: News from Germany - Swede arrested in Berlin for possession of swastika
      ... sadly with the new German laws under discussion on ... fingerprinting and related biometrics in passports it is believable. ... showing how easy it is to do away with the so-called security on most ...
      (rec.models.scale)
    • Re: fooling version detection
      ... A bit of security through obscurity. ... Fooling OS fingerprinting was decribed many times (e.g. in ...
      (comp.os.linux.security)
    • Re: Can extra processing threads help in this case?
      ... computers installed in the White House. ... after the installation, hordes of NSA-types descended on the White House to track down the ... This is yet a different form of physical security: the early "smart cards" had encryption ... Bandwidth for connected servers, the path of the data, ...
      (microsoft.public.vc.mfc)
    • Re: Need urgent help regarding security
      ... There is plenty of security info out there ... email from even a dozen servers is small. ... an OS version upgrade should not be taken lightly. ... Given that your root password was apparently found on the servers, ...
      (freebsd-questions)