Revision as of 08:47, 20 January 2020 edit IICS (talk \| contribs) 15 edits →Added Masscan in the list, as it is faster to scan bulk IP Addresses in minutes Tag: Visual edit ← Previous edit		Revision as of 16:49, 19 June 2020 edit undo 109.240.143.8 (talk) →Protection against and detecting fingerprinting Next edit →
Line 25: Disallowing TCP/IP fingerprinting provides protection from [[vulnerability scanner]]s looking to target machines running a certain operating system. Fingerprinting facilitates attacks. Blocking those ICMP messages is only one of an array of defenses required for full protection against attacks.<ref>{{cite web\|url=http://seclists.org/pen-test/2007/Sep/0030.html \|title=OS detection not key to penetration \|publisher=Seclists.org \|date= \|accessdate=2011-11-25}}</ref> Targeting the ICMP datagram, an obfuscator running on top of IP in the internet layer acts as a "scrubbing tool" to confuse the TCP/IP fingerprinting data. These exist for [[MS Windows]],<ref>{{cite web\|url=http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools \|title=OSfuscate \|publisher=Irongeek.com \|date=2008-09-30 \|accessdate=2011-11-25}}</ref> [[Linux]]<ref>{{cite web\|author=Carl-Daniel Hailfinger, carldani@4100XCDT \|url=http://ippersonality.sourceforge.net/ \|title=IPPersonality \|publisher=Ippersonality.sourceforge.net \|date= \|accessdate=2011-11-25}}</ref> and [[FreeBSD]],.<ref>{{cite web\|url=http://www.usenix.org/events/sec00/full_papers/smart/smart_html/index.html \|title=Defeating TCP/IP stack fingerprinting \|publisher=Usenix.org \|date=2002-01-29 \|accessdate=2011-11-25}}</ref> == Fingerprinting tools ==

TCP/IP stack fingerprinting: Difference between revisions