TCP/IP stack fingerprinting: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 11:35, 7 July 2024 edit Smalljim (talk \| contribs) Edit filter managers, Administrators 94,143 edits m Reverted 1 edit by 2001:FB1:15B:8A79:A915:2974:1FF6:20C9 (talk) to last revision by చంద్రుని వైపు ఛార్జ్ చేయండి Tags: Twinkle Undo ← Previous edit		Latest revision as of 03:41, 11 August 2025 edit undo Bender the Bot (talk \| contribs) Bots 1,064,377 edits m →Protection against and detecting fingerprinting: HTTP to HTTPS for SourceForge Tag: AWB
(2 intermediate revisions by 2 users not shown)
Line 22: == Protection against and detecting fingerprinting == Protection against the fingerprint doorway to attack is achieved by limiting the type and amount of traffic a defensive system responds to. Examples include blocking ''address masks'' and ''timestamps'' from outgoing [[Internet Control Message Protocol\|ICMP]] control-message traffic, and blocking [[ICMP Echo Reply\|ICMP echo replies]]. A security tool can alert to potential fingerprinting: it can match another machine as having a fingerprinter configuration by detecting ''its'' fingerprint.<ref>{{cite web\|url=~~http~~https://ojnk.sourceforge.net/stuff/iplog.readme \|title=iplog \|date= \|accessdate=2011-11-25}}</ref> Disallowing TCP/IP fingerprinting provides protection from [[vulnerability scanner]]s looking to target machines running a certain operating system. Fingerprinting ~~facilitates~~makes attacks easier. Blocking ~~those~~these ICMP messages is ~~only~~just one of ana ~~array~~number of defenses ~~required~~needed ~~for~~to ~~full~~fully ~~protection~~protect against attacks.<ref>{{cite web\|url=http://seclists.org/pen-test/2007/Sep/0030.html \|title=OS detection not key to penetration \|publisher=Seclists.org \|date= \|accessdate=2011-11-25}}</ref> Targeting the ICMP datagram, an obfuscator running on top of IP in the internet layer acts as a "scrubbing tool" to confuse the TCP/IP fingerprinting data. These exist for [[Microsoft Windows]],<ref>{{cite web\|url=http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools \|title=OSfuscate \|publisher=Irongeek.com \|date=2008-09-30 \|accessdate=2011-11-25}}</ref> [[Linux]]<ref>{{cite web\|author=Carl-Daniel Hailfinger, carldani@4100XCDT \|url=~~http~~https://ippersonality.sourceforge.net/ \|title=IPPersonality \|publisher=Ippersonality.sourceforge.net \|date= \|accessdate=2011-11-25}}</ref> and [[FreeBSD]].<ref>{{cite web\|url=http://www.usenix.org/events/sec00/full_papers/smart/smart_html/index.html \|title=Defeating TCP/IP stack fingerprinting \|publisher=Usenix.org \|date=2002-01-29 \|accessdate=2011-11-25}}</ref> == Fingerprinting tools == Line 35: * [[p0f]] – comprehensive passive TCP/IP stack fingerprinting. * NetSleuth – free passive fingerprinting and analysis tool * [[PacketFence]]<ref>{{cite web\|url=http://www.packetfence.org/ \|title=PacketFence \|publisher=PacketFence \|date=2011-11-21 \|accessdate=2011-11-25}}</ref> – open source [[Network ~~Access~~access ~~Control~~control\|NAC]] with passive DHCP fingerprinting. * Satori – passive [[Cisco Discovery Protocol\|CDP]], DHCP, ICMP, [[HP Switch Protocol\|HPSP]], [[HTTP]], TCP/IP and other stack fingerprinting. * SinFP – single-port active/passive fingerprinting. * XProbe2 – active TCP/IP stack fingerprinting. * queso - well-known tool from the late 1990s which is no longer being updated for modern operating systems. == References == Line 46: == External links == * [http://insecure.org/nmap/osdetect/ Remote OS detection via TCP/IP Stack FingerPrinting (2nd Generation)] * [https://bilisim.ahmetcadirci.com/ Bilişim Kodları ve Kısaltmaları] {{DEFAULTSORT:Tcp Ip Stack Fingerprinting}}