Honeypots mailing list archives
Passive Fingerprinting
From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Thu, 16 Jan 2003 10:38:15 -0500
I believe that passive fingerprinting is very useful, I just don't see how useful it is to judge attackers skills based on their OS. The paper on Passive Fingerprinting[1] states the current limitation, and im sure there are others. If i go ahead and change my default values in the kernel, how will you be able to judge me if I make all the characteristics look like a windows 95 machine? If you're running honeypots, you should judge them by what they did on your machine, and even then you shouldn't judge them. I don't see the worthwhile of this project... Cheers! [1] - http://project.honeynet.org/papers/finger/ These views are strickly my own, and not that of my employer. --- Alberto Gonzalez EDS - Global Security Operations Center Security and Privacy Professional Services
Current thread:
- Passive Fingerprinting Gonzalez, Albert (Jan 16)
- Re: Passive Fingerprinting Franck Veysset (Jan 16)