X White Paper Released

From: Ofir Arkin (ofir@sys-security.com)
Date: Mon Aug 13 2001 - 21:09:44 PDT

  • Next message: ansar mohammed: "RE: [PEN-TEST] Deploying a Win32 Sniffer: The Answer"

    Hello all,
    We are happy to announce the availability of X white paper.
    This follows our release of Xprobe the tool (now version 0.0.1p1). The
    White paper explains the reasons, design, techniques used and logic
    behind the tool, as well as future directions and thoughts. 
    "X is a logic which combines various remote active operating system
    fingerprinting methods using the ICMP protocol, which were discovered
    during the "ICMP Usage in Scanning" research project, into a simple,
    fast, efficient and a powerful way to detect an underlying operating
    system a targeted host is using. 
    Xprobe is a tool written and maintained by Fyodor Yarochkin
    (fygraveat_private) and Ofir Arkin (ofir@sys-security.com) that
    automates X.
    Why X?
    X is a very accurate logic. 
    Xprobe is an alternative to some tools which are heavily dependent upon
    the usage of the TCP protocol for remote active operating system
    fingerprinting. This is especially true when trying to identify some
    Microsoft based operating systems, when TCP is the protocol being used
    with the fingerprinting process. Since the TCP implementation with
    Microsoft Windows 2000 and Microsoft Windows ME, and with Microsoft
    Windows NT 4 and Microsoft Windows 98/98SE are so close, usually when
    using the TCP protocol with a remote active operating systems
    fingerprinting process we are unable to differentiate between these
    Microsoft based operating system groups.  And this is only an example. 
    As we will demonstrate the number of datagrams we need to send and
    receive in order to remotely fingerprint a targeted machine with X is
    small. Very small. In fact we can send one datagram and receive one
    reply and this will help us identify up to eight different operating
    systems (or groups of operating systems). The maximum datagrams the tool
    will send is four. This is the same number of replies we will need. This
    makes Xprobe very fast as well..."
    The White paper can be downloaded from:
    http://www.sys-security.com/archive/papers/X_v1.0.pdf [~321k]
    http://www.sys-security.com/archive/papers/X_v1.0.zip [~169k]
    X Homepage:
    Xprobe Download:
    http://www.sys-security.com/archive/tools/X/xprobe-0.0.1p1.tar.gz [~49k]
    Any suggestions and remarks are more than welcomed.
    Ofir Arkin [ofir@sys-security.com]
    The Sys-Security Group
    PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
    Fyodor Yarochkin 
    PGP 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 11:13:56 PDT