Penetration Testing mailing list archives

Re: Application-based fingerprinting ?

From: Paul Cardon <paul () moquijo com>
Date: Tue, 04 Feb 2003 13:48:07 -0500

A friend (hey Chris) and I did some noodling with DNS server responsesto fingerprint versions of bind and other DNS implementations at a verygranular level. Setting values in zeroed, unused or reserved fieldswould result in different responses from different versions of bind. Itappeared fruitful but we never dove in to the point of developing a fullfingerprint database and scanning code.

I also recently saw a paper (and tool) on fingerprinting IPSecimplementations based on IKE timeout/retry intervals.

Some web scanning tools do a certain amount of fingerprinting as wellrather than trusting the header response.


It is definitely an area worth exploring.

-paul




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Application-based fingerprinting ? Anders Thulin (Feb 04)
- Re: Application-based fingerprinting ? Dave Aitel (Feb 04)
- Re: Application-based fingerprinting ? Eugene Tsyrklevich (Feb 04)
- Re: Application-based fingerprinting ? Paul Cardon (Feb 04)
- Re: Application-based fingerprinting ? Chris Reining (Feb 04)
- Re: Application-based fingerprinting ? Bill Pennington (Feb 05)
- Re: Application-based fingerprinting ? Javier Fernandez-Sanguino (Feb 10)
- <Possible follow-ups>
- RE: Application-based fingerprinting ? Skyler King (Feb 04)
- Re: Application-based fingerprinting ? Joris De Donder (Feb 04)
  - Re: Application-based fingerprinting ? skyper (Feb 05)