Vulnerability Development mailing list archives
Re: Blind Remote Buffer Overflow
From: rwh () CASEMA NET (Reinier Heeres)
Date: Tue, 2 May 2000 12:00:49 +0200
Hi,

"Granquist, Lamont" wrote:

> NMAP (www.insecure.org/nmap) and queso will both do remote OS identification based on the characteristics of the TCP/IP stack of the target machine. They do this by sending out various valid or invalid TCP packets and comparing the responses to a database. You will find that different machines use different window sizes, do different things with the TCP sequence number, do different things with TCP options and reorder them in the response packet, etc., etc. Fyodor wrote a good article on how this works in a recent Phrack article (see the NMAP page for links).

NMAP does not have to be reliable. I wrote a kernel patch for Linux which allows you to change your fingerprint, and I think such a thingy also exists for FreeBSD. You can find the Linux kernel patch at www.hit2000.org/kosf. And hey, I'm still looking for beta testers ;-)

Cheers,
RwH
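As an added illustration of the matching Lamont describes (example code written for this archive page, not code from either poster, and not nmap's or queso's real signature format or database): a toy classifier that scores an observed SYN/ACK's window size, TCP option order, TTL, DF bit and ISN behaviour against a small constructed signature table. The second observation shows why a fingerprint-changing patch like the one Reinier mentions makes the result unreliable: rewriting window size and option order is enough to move the best match to another OS.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class TcpFingerprint:
    """Coarse features of a SYN/ACK reply, the kind of traits nmap/queso compare."""
    window: int                 # advertised TCP window size
    ttl: int                    # IP TTL as seen by the prober
    df: bool                    # IP Don't Fragment bit set
    options: Tuple[str, ...]    # TCP options in the order the stack echoed them
    isn_class: str              # coarse class of initial sequence number behaviour

# Constructed sample signature table; values are illustrative only, not nmap's fingerprints.
SIGNATURES: Dict[str, TcpFingerprint] = {
    "Linux (constructed)":   TcpFingerprint(32120, 64, True, ("MSS", "SACK", "TS", "NOP", "WS"), "random"),
    "FreeBSD (constructed)": TcpFingerprint(17520, 64, True, ("MSS", "NOP", "WS", "NOP", "NOP", "TS"), "random"),
    "Windows (constructed)": TcpFingerprint(8760, 128, True, ("MSS",), "time"),
}

def initial_ttl(observed_ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value (32/64/128/255);
    each router hop decrements TTL by one, so the prober never sees the raw start value."""
    for start in (32, 64, 128, 255):
        if observed_ttl <= start:
            return start
    return 255

def score(observed: TcpFingerprint, sig: TcpFingerprint) -> int:
    """Weighted similarity: window size and option *order* are the most stack-specific traits."""
    s = 0
    if observed.window == sig.window:
        s += 3
    if observed.options == sig.options:
        s += 3
    elif set(observed.options) == set(sig.options):
        s += 1                      # same options, different order: much weaker evidence
    if initial_ttl(observed.ttl) == sig.ttl:
        s += 1
    if observed.df == sig.df:
        s += 1
    if observed.isn_class == sig.isn_class:
        s += 1
    return s

def classify(observed: TcpFingerprint, threshold: int = 6) -> List[Tuple[str, int]]:
    """Return candidate OSes ranked by score, dropping matches below the threshold."""
    ranked = sorted(((n, score(observed, s)) for n, s in SIGNATURES.items()), key=lambda t: -t[1])
    return [(n, sc) for n, sc in ranked if sc >= threshold]

# Constructed observation: a Linux-like reply seen seven hops away (TTL 64 - 7 = 57).
OBSERVED = TcpFingerprint(32120, 57, True, ("MSS", "SACK", "TS", "NOP", "WS"), "random")
# Same host after a stack patch rewrites its window size and option order to the FreeBSD pattern.
DISGUISED = TcpFingerprint(17520, 57, True, ("MSS", "NOP", "WS", "NOP", "NOP", "TS"), "random")

if __name__ == "__main__":
    print(classify(OBSERVED))   # [('Linux (constructed)', 9)]
    print(classify(DISGUISED))  # [('FreeBSD (constructed)', 9)]
```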