Re: Application-based fingerprinting ?

From: Paul Cardon (paulat_private)
Date: Tue Feb 04 2003 - 10:48:07 PST

    A friend (hey Chris) and I did some noodling with DNS server responses 
    to fingerprint versions of bind and other DNS implementations at a very 
    granular level.  Setting values in zeroed, unused or reserved fields 
    would result in different responses from different versions of bind.  It 
    appeared fruitful but we never dove in to the point of developing a full 
    fingerprint database and scanning code.
    
    I also recently saw a paper (and tool) on fingerprinting IPSec 
    implementations based on IKE timeout/retry intervals.
    
    Some web scanning tools do a certain amount of fingerprinting as well 
    rather than trusting the header response.
    
    It is definitely an area worth exploring.
    
    -paul
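
Added example, not part of the message above or of any tool it mentions: a defender-side check that flags DNS queries whose header sets fields that should be zero or unused in a standard query, which is the kind of input the message describes. The function names and the sample packets are constructed for illustration.

```python
import struct

# Masks for the 16-bit flags word that follows the ID (RFC 1035, section 4.1.1).
QR, AA, RA, Z = 0x8000, 0x0400, 0x0080, 0x0040
ASSIGNED_OPCODES = {0, 1, 2, 4, 5, 6}  # IANA-assigned; 3 and 7-15 are not


def query_anomalies(packet: bytes) -> list[str]:
    """Return the reasons a DNS query header looks like a probe, or []."""
    if len(packet) < 12:
        return ["truncated header"]
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if flags & QR:
        return []  # a response, not a query: out of scope for this check
    opcode = (flags >> 11) & 0xF
    reasons = []
    if opcode not in ASSIGNED_OPCODES:
        reasons.append(f"unassigned opcode {opcode}")
    if flags & Z:
        reasons.append("reserved Z bit set")
    if opcode == 0:
        # NOTIFY and UPDATE reuse some of these fields, so only a
        # standard query (opcode 0) is held to the checks below.
        if flags & AA:
            reasons.append("AA set in a query")
        if flags & RA:
            reasons.append("RA set in a query")
        if flags & 0xF:
            reasons.append(f"RCODE {flags & 0xF} in a query")
        if qdcount != 1:
            reasons.append(f"QDCOUNT {qdcount} in a standard query")
    return reasons


def sample(flags: int, qdcount: int = 1) -> bytes:
    """Constructed test packet: header plus one question for example.com A/IN."""
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    return struct.pack("!6H", 0x1234, flags, qdcount, 0, 0, 0) + question


if __name__ == "__main__":
    for flags in (0x0100, 0x0140, 0x0503, 0x1800):
        print(f"flags=0x{flags:04x}", query_anomalies(sample(flags)) or "clean")
```

Run over captured port 53 payloads, a source that repeatedly trips these checks is a candidate for version fingerprinting rather than normal resolution.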



    This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 12:41:29 PST