Bugtraq mailing list archives
Re: usual iploggers miss some variable stealth scans
From: OFriedrichs () SECURITY-FOCUS COM (Oliver Friedrichs)
Date: Wed, 19 Jan 2000 11:36:01 -0800
[ snip - note that it is often exactly bugs in the is-this-an-existing-connection lookup that os detection code exploits. ]
You'd be surprised at how untrue this is (the "often" part). While much of what's publicly available may do this, there are many other variables in a stack unrelated to TCP state that can be used to identify an OS - and are also virtually impossible for someone to fix.

Virtually every commercial and free OS supports different IP options, and will handle them in different ways. It would be virtually impossible to get every vendor to synchronize what they support. TCP options give you even more variety.

CyberCop Scanner 5.5 uses a variety of these methods to identify the target OS.. Anthony Osbourne can probably comment more on this.. I don't believe any of this is proprietary, since you can see it with a sniffer anyways - and the arachNIDS database at whitehats.com detects this.

- Oliver
securityfocus.com
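The per-stack TCP option differences the message above says are visible with a sniffer, as an added example that is not part of the original post or of any tool it names: a parser that reduces the options of a captured SYN header to an ordered layout string a sensor could log and compare. The two sample headers, the host labels and all function names are constructed for illustration.

```python
import struct

# IANA TCP option kinds commonly present in SYN segments.
KIND_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WS", 4: "SACKOK", 8: "TS"}

def parse_tcp_options(tcp_header: bytes):
    """Return the ordered (name, value) pairs from a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i, out = tcp_header[20:data_offset], 0, []
    while i < len(opts):
        kind = opts[i]
        name = KIND_NAMES.get(kind, f"?{kind}")
        if kind == 0:                            # EOL ends the list
            out.append((name, b""))
            break
        if kind == 1:                            # NOP is a single byte
            out.append((name, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing its length byte")
        length = opts[i + 1]
        # A length below 2 would loop forever; one past the end is truncated.
        if length < 2 or i + length > len(opts):
            raise ValueError(f"malformed length for option kind {kind}")
        out.append((name, opts[i + 2:i + length]))
        i += length
    return out

def option_layout(tcp_header: bytes) -> str:
    """Order of option kinds, padding included: the part that varies by stack."""
    return ",".join(name for name, _ in parse_tcp_options(tcp_header))

def build_syn(options: bytes) -> bytes:
    """Constructed sample: minimal SYN header (no checksum) plus options."""
    offset_words = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                        offset_words << 4, 0x02, 8192, 0, 0)
    return fixed + options

# Constructed samples: two hosts offering similar features in different layouts.
HOST_A = build_syn(bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307"))
HOST_B = build_syn(bytes.fromhex("020405b4" "01" "030308" "0101" "0402"))

if __name__ == "__main__":
    for label, hdr in (("host A", HOST_A), ("host B", HOST_B)):
        print(label, option_layout(hdr))
```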