Vulnerability Development mailing list archives

Re: Blind Remote Buffer Overflow


From: rwh () CASEMA NET (Reinier Heeres)
Date: Tue, 2 May 2000 12:00:49 +0200


Hi,

"Granquist, Lamont" wrote:

> NMAP (www.insecure.org/nmap) and queso will both do remote OS
> identification based on the characteristics of the TCP/IP stack of the
> target machine.  They do this by sending out various valid or invalid TCP
> packets and comparing the responses to a database.  You will find that
> different machines use different window sizes, do different things with
> the TCP sequence number, do different things with TCP options and reorder
> them in the response packet, etc, etc.  Fyodor wrote a good article on how
> this works in a recent Phrack article (see the NMAP page for links).

NMAP does not have to be reliable. I wrote a kernel patch for Linux which allows you
to change your fingerprint, and I think such a thingy also exists for FreeBSD. You
can find the Linux kernel patch at www.hit2000.org/kosf. And hey, I'm still looking
for beta testers ;-)

Cheers, RwH
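The comparison Granquist describes (window size, initial TTL, DF bit and the order of TCP options in a reply, matched against a signature database) in a small Python model, added here as an illustration; it is not code from nmap, queso or the kosf patch, and the signature values and the raw option bytes are constructed.

```python
from collections import namedtuple

# Fields a stack-fingerprinting tool compares: window, initial TTL, DF bit, option order.
TcpSignature = namedtuple("TcpSignature", "window ttl df options")
OPTION_NAMES = {2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}

def parse_option_order(raw):
    """Return the TCP option kinds, in wire order, from a raw TCP options field."""
    kinds, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End-of-option-list
            break
        if kind == 1:                       # NOP carries no length byte
            kinds.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        kinds.append(OPTION_NAMES.get(kind, "KIND%d" % kind))
        i += raw[i + 1]
    return tuple(kinds)

# Constructed signature database: illustrative values, not real nmap/queso data.
SIGNATURE_DB = {
    "Constructed OS A": TcpSignature(5840, 64, True, ("MSS", "SACK", "TS", "NOP", "WS")),
    "Constructed OS B": TcpSignature(65535, 128, True, ("MSS", "NOP", "WS", "NOP", "NOP", "TS")),
    "Constructed OS C": TcpSignature(16384, 64, False, ("MSS", "NOP", "WS", "SACK")),
}

def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial value."""
    return next((d for d in (32, 64, 128, 255) if observed_ttl <= d), 255)

def score(observed, candidate):
    """Weighted count of matching fields; option order weighs most."""
    return (2 * (observed.window == candidate.window)
            + (initial_ttl(observed.ttl) == candidate.ttl)
            + (observed.df == candidate.df)
            + 3 * (observed.options == candidate.options))

def guess_os(observed, db=SIGNATURE_DB, min_score=5):
    """Best-scoring entry, or None when nothing in the database fits well enough."""
    name, sig = max(db.items(), key=lambda item: score(observed, item[1]))
    return name if score(observed, sig) >= min_score else None

# Constructed SYN-ACK reply: MSS 1460, SACK-permitted, timestamps, NOP, window scale 7.
RAW_OPTIONS = b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + bytes(8) + b"\x01" + b"\x03\x03\x07"
OBSERVED = TcpSignature(5840, 52, True, parse_option_order(RAW_OPTIONS))
print(guess_os(OBSERVED))   # Constructed OS A
```

Because the matcher only sees what the stack chose to emit, a host whose kernel rewrites these fields is classified as whatever it imitates, which is the unreliability Reinier points to.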
