One that I am aware of: "Detecting and Defending against Web-Server Fingerprinting" discusses methods of fingerprinting web servers. http://www.acsac.org/2002/abstracts/96.html sky > -----Original Message----- > From: Anders Thulin [mailto:Anders.Thulinat_private] > Sent: Monday, February 03, 2003 11:22 PM > To: pen-testat_private > Subject: Application-based fingerprinting ? > > > Hi! > > Fingerprinting a TCP stack seems a fairly well understood > technique by now, and there are several tools, more or less > developed, for the task: nmap, ring, ICMP-based techniques, etc. > > A recent glance over the output from a dozen different > finger servers suggests that fingerprinting might be done > fairly well on application level, too, although possibly not > always as exactly as for TCP/IP-based techniques: > applications are easier to move around than TCP stacks are. > > Have there been any attempts to explore this area further? > I've googled around, but not found anything obvious, except > for observations of some fingerprints, such as responses to > DNS SERVER_STATUS_REQUEST (a few respond with something else > than 'not implemented'), and so on. > > -- > Anders Thulin anders.thulinat_private 040-661 50 63 > Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden > > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) Service. For more information on > SecurityFocus' SIA service which automatically alerts you to > the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 12:40:24 PST