Anders Thulin wrote:
> Hi!
>
> Fingerprinting a TCP stack seems a fairly well understood technique by
> now, and there are several tools, more or less developed, for
> the task: nmap, ring, ICMP-based techniques, etc.
>
> A recent glance over the output from a dozen different finger
> servers suggests that fingerprinting might be done fairly well on
> application level, too, although possibly not always as exactly as
> for TCP/IP-based techniques: applications are easier to move around
> than TCP stacks are.
>
> Have there been any attempts to explore this area further?
> I've googled around, but not found anything obvious, except
> for observations of some fingerprints, such as responses to
> DNS SERVER_STATUS_REQUEST (a few respond with something else
> than 'not implemented'), and so on.
>

There's also the issue of knowing "what's listening on an open port". Sample: web servers on ports 41254 or LDAP servers on port 46254.

Amap can do this kind of fingerprinting (http://www.thehackerschoice.com/releases.php) and so does Nessus with the find_service plugin #10330 (http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-plugins/plugins/find_service/). You might want to take a look at these too.

Javi

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
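The probe-and-match approach that amap and find_service use for "what's listening on this port" is easy to show in miniature. The following is an added example written for this page, not code from the thread, from amap or from Nessus: it sends a handful of probes (an HTTP GET, an anonymous LDAPv3 bind, and the DNS SERVER_STATUS_REQUEST Anders mentions) and recognises the service from the shape of the reply, including whether a DNS server answers the status request with NOTIMP or something else. The probe payloads, the signature rules and the sample replies are all hand-constructed for illustration; the tool's name and functions are assumptions, not anything the thread names.

```python
"""Application-level service identification by probe and reply matching.
Added illustration: the probes and signatures below are a hand-written subset,
not amap's or Nessus find_service's databases."""
import re
import socket
import struct
import sys
from typing import Callable, List, Optional, Tuple

# --- probes (what gets sent) ------------------------------------------------
HTTP_PROBE = b"GET / HTTP/1.0\r\n\r\n"
# LDAPv3 anonymous BindRequest, messageID 1, hand-encoded BER:
# SEQUENCE{ INTEGER 1, [APPLICATION 0]{ INTEGER 3, OCTET STRING "", [0] "" } }
LDAP_BIND_PROBE = bytes.fromhex("300c020101600702010304008000")
DNS_TXID = 0x1234


def dns_status_probe(txid: int = DNS_TXID) -> bytes:
    """DNS header with opcode 2 (SERVER_STATUS_REQUEST), no questions, TCP-framed."""
    header = struct.pack(">HHHHHH", txid, 2 << 11, 0, 0, 0, 0)
    return struct.pack(">H", len(header)) + header


PROBES: List[Tuple[str, bytes]] = [
    ("null", b""),                  # send nothing, just read a banner
    ("http", HTTP_PROBE),
    ("ldap-bind", LDAP_BIND_PROBE),
    ("dns-status", dns_status_probe()),
]

# --- signatures (how replies are recognised) -------------------------------
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def match_http(reply: bytes) -> Optional[str]:
    if not re.match(rb"HTTP/\d\.\d \d{3}", reply):
        return None
    srv = re.search(rb"\r\nServer:[ \t]*([^\r\n]*)", reply, re.I)
    return "http server=%s" % (srv.group(1).decode(errors="replace") if srv else "?")


def match_ldap(reply: bytes) -> Optional[str]:
    # LDAPMessage ::= SEQUENCE{ messageID INTEGER, protocolOp ... }; short BER lengths only
    if len(reply) < 7 or reply[0] != 0x30 or reply[2] != 0x02:
        return None
    t = 4 + reply[3]                                # tag of protocolOp
    if t + 4 >= len(reply) or reply[t] != 0x61:     # [APPLICATION 1] = BindResponse
        return None
    if reply[t + 2] != 0x0A:                        # ENUMERATED resultCode
        return None
    return "ldap bindResponse resultCode=%d" % reply[t + 4]


def match_dns(reply: bytes) -> Optional[str]:
    if len(reply) < 14:
        return None
    (plen,) = struct.unpack(">H", reply[:2])        # TCP length prefix
    txid, flags = struct.unpack(">HH", reply[2:6])
    if plen != len(reply) - 2 or txid != DNS_TXID:
        return None
    if not flags & 0x8000 or (flags >> 11) & 0xF != 2:   # QR set, opcode 2 echoed
        return None
    rcode = flags & 0xF
    return "dns status-reply rcode=%d %s" % (rcode, RCODES.get(rcode, "?"))


def match_banner(reply: bytes) -> Optional[str]:
    m = re.match(rb"(SSH-\d\.\d-[^\r\n]+)", reply)
    if m:
        return "ssh banner=%s" % m.group(1).decode(errors="replace")
    m = re.match(rb"220[ -]([^\r\n]*)", reply)
    if m:
        return "smtp/ftp banner=%s" % m.group(1).decode(errors="replace")
    return None


MATCHERS: List[Callable[[bytes], Optional[str]]] = [match_http, match_ldap, match_dns, match_banner]


def identify(reply: bytes) -> Optional[str]:
    """Return the first signature that recognises the raw reply, else None."""
    for matcher in MATCHERS:
        hit = matcher(reply)
        if hit:
            return hit
    return None


def fingerprint(host: str, port: int, timeout: float = 3.0) -> Optional[str]:
    """Send each probe on a fresh TCP connection; return the first identification."""
    for name, payload in PROBES:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                if payload:
                    s.sendall(payload)
                reply = s.recv(4096)
        except OSError:
            continue
        hit = identify(reply)
        if hit:
            return "%s [probe=%s]" % (hit, name)
    return None


# --- constructed sample replies (not captured traffic) ---------------------
SAMPLE_HTTP = b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_LDAP_OK = bytes.fromhex("300c02010161070a010004000400")       # resultCode success(0)
SAMPLE_LDAP_PROTOERR = bytes.fromhex("300c02010161070a010204000400") # resultCode protocolError(2)
SAMPLE_DNS_NOTIMP = struct.pack(">HHHHHHH", 12, DNS_TXID, 0x9004, 0, 0, 0, 0)
SAMPLE_DNS_NOERROR = struct.pack(">HHHHHHH", 12, DNS_TXID, 0x9000, 0, 0, 0, 0)
SAMPLE_SSH = b"SSH-2.0-OpenSSH_3.4p1\r\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(fingerprint(sys.argv[1], int(sys.argv[2])))
    else:
        for sample in (SAMPLE_HTTP, SAMPLE_LDAP_OK, SAMPLE_DNS_NOTIMP, SAMPLE_DNS_NOERROR, SAMPLE_SSH):
            print(identify(sample))
```

Run it with a host and port to probe a live service, or with no arguments to see the matchers applied to the constructed replies. Each probe goes out on its own connection because a service that does not understand the first payload may close the socket or sit on it; and the DNS matcher checks the transaction ID and that opcode 2 was echoed back, so a stray reply to some other probe is not mistaken for a status answer. The distinction between a NOTIMP and a NOERROR answer to the status request is exactly the kind of per-implementation quirk the original question is after.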
This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 07:22:04 PST