On Tue, Feb 04, 2003 at 08:22:02AM +0100, Anders Thulin wrote: > Hi! > > Fingerprinting a TCP stack seems a fairly well understood technique by > now, and there are several tools, more or less developed, for > the task: nmap, ring, ICMP-based techniques, etc. > > A recent glance over the output from a dozen different finger > servers suggests that fingerprinting might be done fairly well on > application level, too, although possibly not always as exactly as > for TCP/IP-based techniques: applications are easier to move around > than TCP stacks are. > > Have there been any attempts to explore this area further? > I've googled around, but not found anything obvious, except > for observations of some fingerprints, such as responses to > DNS SERVER_STATUS_REQUEST (a few respond with something else > than 'not implemented'), and so on. http://packetstormsecurity.org/papers/os-detection/osdetect-perl.txt http://packetstormsecurity.org/papers/os-detection/osdetect-lpd.txt http://packetstormsecurity.org/UNIX/misc/lpdfp.tar.gz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 12:39:56 PST