Re: Application-based fingerprinting ?

From: Paul Cardon (paul@moquijo.com)
Date: Tue Feb 04 2003 - 13:48:07 EST


A friend (hey Chris) and I did some noodling with DNS server responses
to fingerprint versions of bind and other DNS implementations at a very
granular level. Setting values in zeroed, unused or reserved fields
would result in different responses from different versions of bind. It
appeared fruitful but we never dove in to the point of developing a full
fingerprint database and scanning code.

I also recently saw a paper (and tool) on fingerprinting IPSec
implementations based on IKE timeout/retry intervals.

Some web scanning tools do a certain amount of fingerprinting as well
rather than trusting the header response.

It is definitely an area worth exploring.

-paul
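The probe idea described above (the reserved DNS header bits as the variable, differences in how a server answers as the signal) sketched as Python, added here as an illustration and not Paul's or Chris's code. The two server responses are constructed inline and stand for no real BIND version; the same functions let an operator check how their own resolver handles a non-zero Z field.

```python
import struct

DNS_HDR = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount

def build_query(txn_id, qname, z_bits=0, qtype=1):
    """Build a standard RD query, with the reserved Z field (flag bits 4-6,
    which RFC 1035 says must be zero) set to z_bits as the probe variable."""
    flags = 0x0100 | ((z_bits & 0x7) << 4)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return DNS_HDR.pack(txn_id, flags, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header into its fields (RFC 1035 section 4.1.1)."""
    txn_id, flags, qd, an, ns, ar = DNS_HDR.unpack_from(msg, 0)
    return {
        "id": txn_id, "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF,
        "aa": flags >> 10 & 1, "tc": flags >> 9 & 1, "rd": flags >> 8 & 1,
        "ra": flags >> 7 & 1, "z": flags >> 4 & 0x7, "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def response_signature(query, response):
    """Reduce a probe/response pair to the behaviours that tend to differ
    between implementations: response code, whether the Z bits were echoed
    back or cleared, and whether the question section was copied back."""
    q, r = parse_header(query), parse_header(response)
    return {
        "rcode": r["rcode"],
        "z_echoed": q["z"] != 0 and r["z"] == q["z"],
        "question_returned": r["qdcount"] == q["qdcount"],
    }

# Constructed sample responses (not real BIND output): the same probe answered
# by two hypothetical servers that handle the reserved bits differently.
def _constructed_response(query, rcode, z_bits, qdcount):
    q = parse_header(query)
    flags = 0x8000 | (q["rd"] << 8) | 0x0080 | ((z_bits & 0x7) << 4) | (rcode & 0xF)
    return DNS_HDR.pack(q["id"], flags, qdcount, 0, 0, 0) + query[12:] * qdcount

PROBE = build_query(0x1234, "example.com", z_bits=0b111)
RESPONSE_ECHOES_Z = _constructed_response(PROBE, rcode=0, z_bits=0b111, qdcount=1)
RESPONSE_FORMERR = _constructed_response(PROBE, rcode=1, z_bits=0, qdcount=0)

if __name__ == "__main__":
    for label, resp in [("echoes Z", RESPONSE_ECHOES_Z), ("FORMERR", RESPONSE_FORMERR)]:
        print(label, response_signature(PROBE, resp))
```

Against a live server the signature tuple is what a fingerprint table would be keyed on; sent to your own resolvers it shows which probe variants produce distinguishable answers.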

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT