Re: Application-based fingerprinting ?

From: Bill Pennington (billp@boarder.org)
Date: 02/04/03

    Date: Tue, 4 Feb 2003 10:18:47 -0800
    To: Anders Thulin <Anders.Thulin@kiconsulting.se>
    From: Bill Pennington <billp@boarder.org>
    
    

    Jeremiah Grossman did a talk at BlackHat Singapore on Web Server
    fingerprinting. You can find it here -
    http://www.whitehatsec.com/presentations.html

    I also recall a tool that did the same for BIND servers but I can't
    remember its name right now.

    On Monday, February 3, 2003, at 11:22 PM, Anders Thulin wrote:

    > Hi!
    >
    > Fingerprinting a TCP stack seems a fairly well understood technique
    > by now, and there are several tools, more or less developed, for
    > the task: nmap, ring, ICMP-based techniques, etc.
    >
    > A recent glance over the output from a dozen different finger
    > servers suggests that fingerprinting might be done fairly well on
    > application level, too, although possibly not always as exactly as
    > for TCP/IP-based techniques: applications are easier to move around
    > than TCP stacks are.
    >
    > Have there been any attempts to explore this area further?
    > I've googled around, but not found anything obvious, except
    > for observations of some fingerprints, such as responses to
    > DNS SERVER_STATUS_REQUEST (a few respond with something else
    > than 'not implemented'), and so on.
    >
    > --
    > Anders Thulin anders.thulin@kiconsulting.se 040-661 50 63
    > Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/

    ---
    Bill Pennington, CISSP, CCNA
    Senior Information Security Engineer
    WhiteHat Security Inc.
    http://www.whitehatsec.com