
View Full Version : Bypassing PatchGuard on Windows x64



yelloweye
2014-08-08, 08:32
http://www.leviathansecurity.com/wp-content/uploads/uninformed_v3a3.pdf :grandpa:

Protection against and detecting fingerprinting
Protection against the fingerprint doorway to attack is achieved by limiting the type and amount of traffic a defensive system responds to. Examples include blocking address masks and timestamps from outgoing ICMP control-message traffic, and blocking ICMP echo replies. A security tool can alert to potential fingerprinting: it can match another machine as having a fingerprinter configuration by detecting its fingerprint.[4]

Disallowing TCP/IP fingerprinting provides protection from vulnerability scanners looking to target machines running a certain operating system. Fingerprinting facilitates attacks. Blocking those ICMP messages is only one of an array of defenses required for full protection against attacks.[5]

Targeting the ICMP datagram, an obfuscator running on top of IP in the internet layer acts as a "scrubbing tool" to confuse the TCP/IP fingerprinting data. These exist for MS Windows,[6] Linux,[7] and FreeBSD.[8]

Fingerprinting tools:
A list of TCP/OS Fingerprinting Tools

Ettercap – passive TCP/IP stack fingerprinting.
NetworkMiner – passive DHCP and TCP/IP stack fingerprinting (combines p0f, Ettercap and Satori databases)
Nmap – comprehensive active stack fingerprinting.
p0f – comprehensive passive TCP/IP stack fingerprinting.
NetSleuth – free passive fingerprinting and analysis tool
PacketFence[9] – open source NAC with passive DHCP fingerprinting.
PRADS – Passive comprehensive TCP/IP stack fingerprinting and service detection
Satori – passive CDP, DHCP, ICMP, HPSP, HTTP, TCP/IP and other stack fingerprinting.
SinFP – single-port active/passive fingerprinting.
XProbe2 – active TCP/IP stack fingerprinting.
Device Fingerprint Website[10] – displays the passive TCP SYN fingerprint of your browser's computer (or intermediate proxy)
queso – well-known tool from the late 1990s which is no longer being updated for modern operating systems
References:
"Know Your Enemy: Passive Fingerprinting". Project.honeynet.org. Retrieved 2011-11-25.
Chuvakin A. and Peikari, C: "Security Warrior.", page 229. O'Reilly Media Inc., 2004.
"Passive OS Fingerprinting, NETRESEC Network Security Blog". Netresec.com. 2011-11-05. Retrieved 2011-11-25.
"iplog". Retrieved 2011-11-25.
"OS detection not key to penetration". Seclists.org. Retrieved 2011-11-25.
"OSfuscate". Irongeek.com. 2008-09-30. Retrieved 2011-11-25.
Carl-Daniel Hailfinger. "IPPersonality". Ippersonality.sourceforge.net. Retrieved 2011-11-25.
"Defeating TCP/IP stack fingerprinting". Usenix.org. 2002-01-29. Retrieved 2011-11-25.
"PacketFence". PacketFence. 2011-11-21. Retrieved 2011-11-25.
http://noc.to
External links:
Remote OS detection via TCP/IP Stack FingerPrinting (2nd Generation)

http://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting

http://akademie.dw.de/digitalsafety/wp-content/uploads/2013/11/fingerprint.jpg
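
As an added example, not code from this thread or from any of the tools listed above: a small detector in the spirit of the "a security tool can alert to potential fingerprinting" sentence, run over a constructed packet-summary log. It flags a source that sends several different probe kinds (the ICMP echo, timestamp and address-mask requests the text says to stop answering, plus TCP flag combinations no normal client uses) while leaving a plain ping alone. The log format, the sample addresses and the threshold are assumptions.

```python
"""Flag hosts sending OS-fingerprinting probes (added example, not from the thread).
Constructed log, one packet per line: "<src-ip> <proto> <detail>", where detail is
"<icmp-type>/<code>" for ICMP or "flags=<TCP flag letters>" for TCP."""
from collections import defaultdict

# ICMP requests the text says a hardened host should not answer: echo (8),
# timestamp (13) and address mask (17). One ping is normal; all three is not.
ICMP_PROBE_TYPES = {8: "echo-request", 13: "timestamp-request", 17: "addrmask-request"}

# TCP flag combinations no ordinary client emits; active stack fingerprinters send
# them to observe how the target reacts. Keys are sorted letters so "PUFS" matches.
ODD_TCP_FLAGS = {"": "NULL", "FPSU": "XMAS", "FS": "SYN+FIN", "F": "FIN-only"}

def parse_line(line):
    """Return (src, probe_kind), probe_kind None for ordinary traffic;
    return None (instead of raising) for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    src, proto, detail = parts
    if proto == "ICMP":
        type_str = detail.split("/")[0]
        if not type_str.isdigit():
            return None
        return src, ICMP_PROBE_TYPES.get(int(type_str))
    if proto == "TCP" and detail.startswith("flags="):
        flags = "".join(sorted(detail[len("flags="):].upper()))
        return src, ODD_TCP_FLAGS.get(flags)
    return None

def find_fingerprinters(lines, min_distinct=2):
    """Map each source to the sorted probe kinds it sent, keeping only sources
    that used at least min_distinct different probe kinds (scanner-like)."""
    kinds_by_src = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[1]:
            kinds_by_src[parsed[0]].add(parsed[1])
    return {src: sorted(k) for src, k in kinds_by_src.items() if len(k) >= min_distinct}

# Constructed sample: a normal client, a host that only pings, and one probing host.
SAMPLE_LOG = """\
192.0.2.10 TCP flags=S
203.0.113.5 ICMP 8/0
203.0.113.5 TCP flags=S
198.51.100.7 ICMP 8/0
198.51.100.7 ICMP 13/0
198.51.100.7 ICMP 17/0
198.51.100.7 TCP flags=
198.51.100.7 TCP flags=PUFS
""".splitlines()
```

Feeding it a real capture means only writing a converter to the three-field line format; the threshold can be raised on networks where monitoring systems legitimately send timestamp requests.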

yelloweye
2014-08-11, 01:36