Xprobe 0.0.2 Released

From: Ofir Arkin (ofir@sys-security.com)
Date: Wed Oct 24 2001 - 18:10:54 PDT

Next message: Cdowns: "Auditing NT and UNIX Webserver Logfiles"

Previous message: Roger Safian: "Call for Papers - FIRST 2002 - 2nd notice"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We would like to announce the availability of Xprobe version 0.0.2.
You can download our latest version from:
http://www.sys-security.com/archive/tools/X/xprobe-0.0.2.tar.gz 

Written and maintained by Fyodor Yarochkin and Ofir Arkin, Xprobe is an
Active OS fingerprinting tool based on Ofir Arkin's ICMP Usage in
Scanning Research project (http://www.sys-security.com).     


Supported Platforms:
- Linux Kernel 2.0.x, 2.2.x, 2.4.x
- FreeBSD 4.x
- NetBSD 1.4.x, 1.5.x
- OpenBSD 2.x
- Sun Solaris 2.x
- IRIX


Dependencies:
libpcap


Changes from version 0.0.1p1:
- Fixed a bug that prevented the correct identification of Microsoft
Windows ME and Microsoft Windows 98/98SE.
- A logging option have been added using the -o <file> option you can
now log the results to a file for further processing.
- You can now specify a receiving time out using the -t option.
- Added support for IBM OS/390, SunOS 4.x, and Microsoft Windows XP
(TCP/IP stack is looking exactly the same as with Microsoft Windows
2000, with ICMP).
- Added support for compilation under IRIX.
- Bugs and Code sweeps were performed.
- The tool and the man page now carry the name of Xprobe.
 

Documentation:
Xprobe is documented in a white paper we released called "X remote ICMP
based OS fingerprinting techniques" (X is the logic behind the tool),
available from http://www.sys-security.com/html/projects/X.html.  


Known Limitations:
Xprobe 0.0.2 identifies a limited number of operating systems (all
current operating system included) and networking devices (a full list
is available in the README file). 

We are planning to release version 0.1 which will support a signature
database in the Black Hat Briefings Europe 2001 held in the Krasnapolsky
Hotel in Amsterdam 21-22 November 2001 (http://www.blackhat.com).  


How to use:
See manual for details. A quick hint:

xprobe [options] hostname[/netmask] (and watch the output).

available options:

-h [help]
-v be verbose
-i <interface> run on interface (needed if wrong interface is choosen)
-p <portnum>   use <portnum> udp port for udp probe.
-o logfile     log everything into a logfile. (default: stderr).
-t timeout     receive timeout (seconds)



Fyodor Yarochkin
fygraveat_private


Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

Next message: Cdowns: "Auditing NT and UNIX Webserver Logfiles"
Previous message: Roger Safian: "Call for Papers - FIRST 2002 - 2nd notice"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 18:19:20 PDT