Hello all,

We are happy to announce the availability of X white paper. This follows our release of Xprobe the tool (now version 0.0.1p1).

The White paper explains the reasons, design, techniques used and logic behind the tool, as well as future directions and thoughts.

"X is a logic which combines various remote active operating system fingerprinting methods using the ICMP protocol, which were discovered during the "ICMP Usage in Scanning" research project, into a simple, fast, efficient and a powerful way to detect an underlying operating system a targeted host is using.

Xprobe is a tool written and maintained by Fyodor Yarochkin (fygraveat_private) and Ofir Arkin (ofir@sys-security.com) that automates X.

Why X?

X is a very accurate logic. Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote active operating system fingerprinting. This is especially true when trying to identify some Microsoft based operating systems, when TCP is the protocol being used with the fingerprinting process. Since the TCP implementation with Microsoft Windows 2000 and Microsoft Windows ME, and with Microsoft Windows NT 4 and Microsoft Windows 98/98SE are so close, usually when using the TCP protocol with a remote active operating systems fingerprinting process we are unable to differentiate between these Microsoft based operating system groups. And this is only an example.

As we will demonstrate the number of datagrams we need to send and receive in order to remotely fingerprint a targeted machine with X is small. Very small. In fact we can send one datagram and receive one reply and this will help us identify up to eight different operating systems (or groups of operating systems). The maximum datagrams the tool will send is four. This is the same number of replies we will need. This makes Xprobe very fast as well..."
The White paper can be downloaded from:
http://www.sys-security.com/archive/papers/X_v1.0.pdf [~321k]
http://www.sys-security.com/archive/papers/X_v1.0.zip [~169k]

X Homepage:
http://www.sys-security.com/html/projects/X.html

Xprobe Download:
http://www.sys-security.com/archive/tools/X/xprobe-0.0.1p1.tar.gz [~49k]

Any suggestions and remarks are more than welcomed.

Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

Fyodor Yarochkin [fygraveat_private]
PGP 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 20:34:19 PDT