Nmap Development mailing list archives

Automatic generation of OS probes


From: David Fifield <david () bamsoftware com>
Date: Tue, 28 Jul 2015 10:08:05 -0700

Here is a nice paper from 2010 that evaluates automatic generation of OS
probes and signatures. Section 3.2: "The probe generator produces a
large set of non-fragmented network packets by assigning randomly
generated values to various IP and TCP fields, subject to the
constraints that packets must be well-constructed and routable to a
target machine." They encounter problems with the idea and conclude in
part that "automatic techniques can help identify candidate signatures,
but our results suggest that manual expertise will remain an integral
part of fingerprint generation."

https://homes.cs.washington.edu/~yoshi/papers/fuzzing_aisec2010.pdf

To find out what packet differences are truly attributable to OS
differences, they turned to source code. Section 4.2.1 has something I
didn't know before: "if a response packet contains the WScale TCP
option, then the amount of memory on the remote host can influence the
response packet's WScale value."
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

