Penetration Testing mailing list archives

Re: OS Fingerprints

From: Dragos Ruiu <dr () kyx net>
Date: Wed, 5 Oct 2005 18:53:35 -0700

This new talk coming at PacSec 05, seems like it
will be of interest to the people who are interested 
in this thread. I'm told early results with their 
technique show promise. I'm looking forward
to perusing their info myself. The slides
will be posted in Japanese and English
after the conference.

Some additional information about the talk...


Speaker:  Javier Burroni, working at Core Security
Technologies' Labs in Buenos Aires, Argentina

Title: Using Neural Networks for remote OS identification

Description:

Remote operating system detection techniques 
based on fingerprint analysis are widely used 
in the penetration testing process.  The first
fingerprinting implementations were based 
on the analysis of differences between 
TCP/IP stack implementations.  The next 
generation focused their analysis on the 
application layer data such as the DCE RPC 
endpoint information. Even though it was 
an advance in the information to work with 
some variation of the "best fit" algorithm was 
still used to interpret the new information.  
This strategy suffers from the weakness that
it will not work in non-standard situations 
and the inability to extract  the key elements 
which uniquely identify an operating system. 
The next step is to focus on the algorithm used 
to analyze the data rather than the data itself.
Our new approach involves an analysis of the 
composition of the information collected
during the OS identification process to identify
elements and their relations. We have found 
that this produces better results under certain
configurations.

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan    November 14-16 2005  http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

OS Fingerprints BSK (Oct 05)
- Re: OS Fingerprints Franck Veysset (Oct 05)
- Re: OS Fingerprints Daniele Bellucci (Oct 05)
- RE: OS Fingerprints Omar (Oct 05)
- RE: OS Fingerprints JB (Oct 05)
- Re: OS Fingerprints GomoR (Oct 05)
  - Re: OS Fingerprints Dragos Ruiu (Oct 06)
- Re: OS Fingerprints Nicolas Gregoire (Oct 05)
- Re: OS Fingerprints Francisco Pecorella (Oct 05)
- Re: OS Fingerprints Tim (Oct 05)
- Re: OS Fingerprints Joe Matusiewicz (Oct 05)
- RE: OS Fingerprints Omar A. Herrera (Oct 05)
- Re: OS Fingerprints Chuck (Oct 05)
- <Possible follow-ups>
- Re: OS Fingerprints Don Parker (Oct 05)
- RE: OS Fingerprints ankush.kapoor (Oct 05)
- Re: OS Fingerprints BSK (Oct 05)
- Re: OS Fingerprints sumit . siddharth (Oct 05)

(Thread continues...)