From: karthikbalaguru on
Hi,
I understand that certain parameters within TCP
protocol definition are set to different default values by
different operating systems and this in turn is used
for TCP/IP fingerprinting. But, is there a TCP/IP fingerprint
database that tells the relation between the various
TCP protocol fields and the corresponding values
that might determine the type of Operating System ?

Which is the best fingerprinting tool and how far
is fingerprinting helpful in safeguarding against attacks ?

I searched the internet, I got only fingerprint submission
pages, but did not get a database. Any ideas ?

Thx in advance,
Karthik Balaguru
From: Regis on
karthikbalaguru <karthikbalaguru79(a)gmail.com> writes:

> Hi,
> I understand that certain parameters within TCP
> protocol definition are set to different default values by
> different operating systems and this in turn is used
> for TCP/IP fingerprinting. But, is there a TCP/IP fingerprint
> database that tells the relation between the various
> TCP protocol fields and the corresponding values
> that might determine the type of Operating System ?
>
> Which is the best fingerprinting tool and how far
> is fingerprinting helpful in safeguarding against attacks ?
>
> I searched the internet, I got only fingerprint submission
> pages, but did not get a database. Any ideas ?

nmap with the -O switch does very well, and is likely the most used
with the biggest fingerprint database.

But if there aren't many services responding, take the results with a
grain of salt.


From: karthikbalaguru on
On Dec 21 2009, 7:04 am, Regis <ord...(a)gmail.org> wrote:
> karthikbalaguru <karthikbalagur...(a)gmail.com> writes:
> > Hi,
> > I understand that certain parameters within TCP
> > protocol definition are set to different default values by
> > different operating systems and this in turn is used
> > for TCP/IP fingerprinting. But, is there a TCP/IP fingerprint
> > database that tells the relation between the various
> > TCP protocol fields and the corresponding values
> > that might determine the type of Operating System ?
>
> > Which is the best fingerprinting tool and how far
> > is fingerprinting helpful in safeguarding against attacks ?
>
> > I searched the internet, I got only fingerprint submission
> > pages, but did not get a database. Any ideas ?
>
> nmap with the -O switch does very well, and is likely the most used
> with the biggest fingerprint database.
>

Thx for the inputs.

> But if there aren't many services responding, take the results with a
> grain of salt.

Okay !

I came across IceScan, an open source tool (GPL licenced)
and a list of tools in the below link also -
http://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting#Fingerprinting_tools
But, I think just as you told, nmap seems to be excellent !!

http://nmap.org/svn/nmap-os-db -> It is indeed very big.

Thx,
Karthik Balaguru
From: goarilla on
On Fri, 01 Jan 2010 21:08:24 -0800, karthikbalaguru wrote:

> On Dec 21 2009, 7:04 am, Regis <ord...(a)gmail.org> wrote:
>> karthikbalaguru <karthikbalagur...(a)gmail.com> writes:
>> > Hi,
>> > I understand that certain parameters within TCP protocol definition
>> > are set to different default values by different operating systems
>> > and this in turn is used for TCP/IP fingerprinting. But, is there a
>> > TCP/IP fingerprint database that tells the relation between the
>> > various TCP protocol fields and the corresponding values that might
>> > determine the type of Operating System ?
>>
>> > Which is the best fingerprinting tool and how far is fingerprinting
>> > helpful in safeguarding against attacks ?
>>
>> > I searched the internet, I got only fingerprint submission pages, but
>> > did not get a database. Any ideas ?
>>
>> nmap with the -O switch does very well, and is likely the most used
>> with the biggest fingerprint database.
>>
>>
> Thx for the inputs.
>
>> But if there aren't many services responding, take the results with a
>> grain of salt.
>
> Okay !
>
> I came across IceScan, an open source tool (GPL licenced) and a list of
> tools in the below link also -
> http://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting#Fingerprinting_tools
> But, I think just as you told, nmap seems to be excellent !!
>
> http://nmap.org/svn/nmap-os-db -> It is indeed very big.
>
> Thx,
> Karthik Balaguru

It is the best of its breed.
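
The question asked for a database relating TCP field values to operating systems, and the nmap-os-db file linked in the thread is one. The following is an added example, not part of any post above and not nmap's own code: it parses that file's `Fingerprint` / `Class` / test-line layout and compares observed probe responses against each entry. The two entries are constructed for illustration, the function names are hypothetical, only `|` alternatives and hex ranges of the expression syntax are handled, and the score is a plain fraction rather than nmap's weighted matching.

```python
import re

# Constructed entries in the nmap-os-db layout (not copied from the real database).
SAMPLE_DB = """\
Fingerprint Constructed OS A 1.x
Class ExampleVendor | ExampleOS | 1.X | general purpose
WIN(W1=16A0|3890%W2=16A0)
T1(R=Y%DF=Y%T=3B-45%TG=40)

Fingerprint Constructed OS B 2.x
Class ExampleVendor | ExampleOS | 2.X | router
WIN(W1=FFFF%W2=FFFF)
T1(R=Y%DF=N%T=7B-85%TG=80)
"""

TEST_LINE = re.compile(r"^([A-Z0-9]+)\((.*)\)$")

def parse_os_db(text):
    """Return one {'name', 'classes', 'tests'} dict per Fingerprint block."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines separate entries, '#' starts a comment
        if line.startswith("Fingerprint "):
            entries.append({"name": line[12:], "classes": [], "tests": {}})
        elif entries and line.startswith("Class "):
            entries[-1]["classes"].append([f.strip() for f in line[6:].split("|")])
        elif entries and (m := TEST_LINE.match(line)):
            attrs = dict(kv.split("=", 1) for kv in m.group(2).split("%") if "=" in kv)
            entries[-1]["tests"][m.group(1)] = attrs
    return entries

def value_matches(expr, observed):
    """Match a value against 'A|B' alternatives and hex 'LO-HI' ranges."""
    for alt in expr.split("|"):
        lo, sep, hi = alt.partition("-")
        try:
            if alt == observed or (sep and int(lo, 16) <= int(observed, 16) <= int(hi, 16)):
                return True
        except ValueError:
            continue  # this alternative is not a hex range
    return False

def score(entry, observed):
    """Fraction of the entry's attributes satisfied by the observed responses."""
    pairs = [(t, a, e) for t, attrs in entry["tests"].items() for a, e in attrs.items()]
    hits = sum(value_matches(e, observed.get(t, {}).get(a, "")) for t, a, e in pairs)
    return hits / len(pairs) if pairs else 0.0
```

Here `T` is the initial TTL written in hex, so `T=3B-45` covers a host whose TTL started at 64 (0x40) and lost a few hops on the way.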