Content deleted Content added
Text and grammar have been edited. |
m →Protection against and detecting fingerprinting: HTTP to HTTPS for SourceForge |
||
Line 22:
== Protection against and detecting fingerprinting ==
Protection against the fingerprint doorway to attack is achieved by limiting the type and amount of traffic a defensive system responds to. Examples include blocking ''address masks'' and ''timestamps'' from outgoing [[Internet Control Message Protocol|ICMP]] control-message traffic, and blocking [[ICMP Echo Reply|ICMP echo replies]]. A security tool can alert to potential fingerprinting: it can match another machine as having a fingerprinter configuration by detecting ''its'' fingerprint.<ref>{{cite web|url=
Disallowing TCP/IP fingerprinting provides protection from [[vulnerability scanner]]s looking to target machines running a certain operating system. Fingerprinting makes attacks easier. Blocking these ICMP messages is just one of a number of defenses needed to fully protect against attacks.<ref>{{cite web|url=http://seclists.org/pen-test/2007/Sep/0030.html |title=OS detection not key to penetration |publisher=Seclists.org |date= |accessdate=2011-11-25}}</ref>
Targeting the ICMP datagram, an obfuscator running on top of IP in the internet layer acts as a "scrubbing tool" to confuse the TCP/IP fingerprinting data. These exist for [[Microsoft Windows]],<ref>{{cite web|url=http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools |title=OSfuscate |publisher=Irongeek.com |date=2008-09-30 |accessdate=2011-11-25}}</ref> [[Linux]]<ref>{{cite web|author=Carl-Daniel Hailfinger, carldani@4100XCDT |url=
== Fingerprinting tools ==
| |||