Penetration Testing mailing list archives
Re: Application-based fingerprinting ?
From: Paul Cardon <paul () moquijo com>
Date: Tue, 04 Feb 2003 13:48:07 -0500
A friend (hey Chris) and I did some noodling with DNS server responses to fingerprint versions of bind and other DNS implementations at a very granular level. Setting values in zeroed, unused or reserved fields would result in different responses from different versions of bind. It appeared fruitful but we never dove in to the point of developing a full fingerprint database and scanning code.
I also recently saw a paper (and tool) on fingerprinting IPSec implementations based on IKE timeout/retry intervals.
Some web scanning tools do a certain amount of fingerprinting as well rather than trusting the header response.
It is definitely an area worth exploring.
-paul
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
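A defender-side view of the DNS probing described in the message above, as an added example that is not part of the original post: it parses the 12-byte DNS header of inbound queries and flags fields that a normal query leaves zeroed, which is where such probes show up. The function names and sample packets are constructed for illustration, and only the header is inspected.

```python
import struct

# DNS header flag masks (RFC 1035 section 4.1.1). Z is the one bit still
# reserved after AD (0x0020) and CD (0x0010) were assigned by DNSSEC.
QR, OPCODE_MASK, AA, RA, Z, RCODE_MASK = 0x8000, 0x7800, 0x0400, 0x0080, 0x0040, 0x000F
ASSIGNED_OPCODES = {0, 1, 2, 4, 5, 6}  # QUERY, IQUERY, STATUS, NOTIFY, UPDATE, DSO


def query_anomalies(packet):
    """Return a list of header oddities for one inbound DNS query."""
    if len(packet) < 12:
        return ["truncated-header"]
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if flags & QR:
        return []  # a response; only queries are examined here
    findings = []
    opcode = (flags & OPCODE_MASK) >> 11
    if opcode not in ASSIGNED_OPCODES:
        findings.append("unassigned-opcode-%d" % opcode)
    if flags & Z:
        findings.append("reserved-z-bit-set")
    if opcode == 0:  # these checks only hold for a standard QUERY
        if flags & AA:
            findings.append("aa-in-query")
        if flags & RA:
            findings.append("ra-in-query")
        if flags & RCODE_MASK:
            findings.append("rcode-%d-in-query" % (flags & RCODE_MASK))
        if qdcount != 1:
            findings.append("qdcount-%d" % qdcount)
        if ancount:
            findings.append("ancount-%d" % ancount)
    return findings


def sample_query(flags, qdcount=1):
    """Constructed test packet: header plus one question (example.com, A, IN)."""
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    return struct.pack("!6H", 0x1234, flags, qdcount, 0, 0, 0) + question


if __name__ == "__main__":
    for label, flags in [("plain", 0x0100), ("z-bit", 0x0140), ("opcode 15", 0x7900)]:
        print(label, query_anomalies(sample_query(flags)))
```

Findings from a check like this are best logged per source address, since a single odd header can be a broken client while a run of different ones from one source is more telling.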