RE: Application-based fingerprinting ?

From: Skyler King (sking@zonelabs.com)
Date: Tue Feb 04 2003 - 13:41:33 EST

• Next message: Eugene Tsyrklevich: "Re: Application-based fingerprinting ?"
• Previous message: Pete Herzog: "RE: Proposal?"
• Maybe in reply to: Anders Thulin: "Application-based fingerprinting ?"
• Next in thread: Eugene Tsyrklevich: "Re: Application-based fingerprinting ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

One that I am aware of:

"Detecting and Defending against Web-Server Fingerprinting" discusses
methods of fingerprinting web servers.

http://www.acsac.org/2002/abstracts/96.html

sky

> -----Original Message-----
> From: Anders Thulin [mailto:Anders.Thulin@kiconsulting.se]
> Sent: Monday, February 03, 2003 11:22 PM
> To: pen-test@securityfocus.com
> Subject: Application-based fingerprinting ?
>
>
> Hi!
>
> Fingerprinting a TCP stack seems a fairly well understood
> technique by now, and there are several tools, more or less
> developed, for the task: nmap, ring, ICMP-based techniques, etc.
>
> A recent glance over the output from a dozen different
> finger servers suggests that fingerprinting might be done
> fairly well on application level, too, although possibly not
> always as exactly as for TCP/IP-based techniques:
> applications are easier to move around than TCP stacks are.
>
> Have there been any attempts to explore this area further?
> I've googled around, but not found anything obvious, except
> for observations of some fingerprints, such as responses to
> DNS SERVER_STATUS_REQUEST (a few respond with something else
> than 'not implemented'), and so on.
>
> --
> Anders Thulin anders.thulin@kiconsulting.se 040-661 50 63
> Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA) Service. For more information on
> SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Eugene Tsyrklevich: "Re: Application-based fingerprinting ?"
• Previous message: Pete Herzog: "RE: Proposal?"
• Maybe in reply to: Anders Thulin: "Application-based fingerprinting ?"
• Next in thread: Eugene Tsyrklevich: "Re: Application-based fingerprinting ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT