Nmap Development mailing list archives
Automatic generation of OS probes
From: David Fifield <david () bamsoftware com>
Date: Tue, 28 Jul 2015 10:08:05 -0700
Here is a nice paper from 2010 that evaluates automatic generation of OS probes and signatures. Section 3.2: "The probe generator produces a large set of non-fragmented network packets by assigning randomly generated values to various IP and TCP fields, subject to the constraints that packets must be well-constructed and routable to a target machine." They encounter problems with the idea and conclude in part that "automatic techniques can help identify candidate signatures, but our results suggest that manual expertise will remain an integral part of fingerprint generation."

https://homes.cs.washington.edu/~yoshi/papers/fuzzing_aisec2010.pdf

To find out what packet differences are truly attributable to OS differences, they turned to source code. Section 4.2.1 has something I didn't know before: "if a response packet contains the WScale TCP option, then the amount of memory on the remote host can influence the response packet's WScale value."

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
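The paper's point, that automatically collected responses contain fields which differ between OSes, fields which are constant everywhere, and fields that drift within a single OS for reasons unrelated to the OS (the WScale/memory effect quoted above), can be shown with a small candidate-signature filter. The following is an added example written for this archive page; it is not code from the paper, from Nmap, or from the poster. The response records, the OS labels `os_a`/`os_b`, and the field names are constructed sample data standing in for what a probe generator would collect over several runs per host.

```python
from collections import defaultdict

# Constructed sample data: several decoded responses per OS, each a dict of
# header fields taken from the reply to the same probe. The "wscale" values
# were deliberately made to vary within one OS to mimic the memory-dependent
# WScale behaviour described in the paper; nothing here is a real fingerprint.
SAMPLE_RESPONSES = [
    ("os_a", {"ttl": 64, "win": 65535, "df": 1, "wscale": 7, "mss": 1460}),
    ("os_a", {"ttl": 64, "win": 65535, "df": 1, "wscale": 6, "mss": 1460}),
    ("os_a", {"ttl": 64, "win": 65535, "df": 1, "wscale": 7, "mss": 1460}),
    ("os_b", {"ttl": 128, "win": 8192, "df": 1, "wscale": 8, "mss": 1460}),
    ("os_b", {"ttl": 128, "win": 8192, "df": 1, "wscale": 8, "mss": 1460}),
    ("os_b", {"ttl": 128, "win": 8192, "df": 1, "wscale": 2, "mss": 1460}),
]


def field_stability(responses):
    """Map (os_label, field) -> set of values observed for that field on that OS."""
    seen = defaultdict(set)
    for os_label, fields in responses:
        for name, value in fields.items():
            seen[(os_label, name)].add(value)
    return seen


def candidate_signature_fields(responses):
    """Partition fields into three classes.

    discriminating:     one stable value per OS, and the value differs across OSes
    noisy:              more than one value seen for the same OS (e.g. WScale)
    non_discriminating: stable everywhere but identical for every OS
    Only the first class is usable as automatic signature material.
    """
    seen = field_stability(responses)
    oses = sorted({o for o, _ in responses})
    fields = sorted({f for _, d in responses for f in d})
    discriminating, noisy, constant = [], [], []
    for f in fields:
        per_os = {o: seen[(o, f)] for o in oses}
        if any(len(values) != 1 for values in per_os.values()):
            noisy.append(f)
            continue
        distinct = {next(iter(values)) for values in per_os.values()}
        (constant if len(distinct) == 1 else discriminating).append(f)
    return {
        "discriminating": discriminating,
        "noisy": noisy,
        "non_discriminating": constant,
    }


def build_signatures(responses):
    """Per-OS signature built only from the discriminating fields."""
    keep = candidate_signature_fields(responses)["discriminating"]
    seen = field_stability(responses)
    oses = sorted({o for o, _ in responses})
    return {o: {f: next(iter(seen[(o, f)])) for f in keep} for o in oses}


def classify(response, signatures):
    """Return (label, matched_field_count) for the best-scoring signature.

    Because noisy fields were dropped when the signatures were built, a
    WScale value never seen before does not penalise the match.
    """
    best = None
    for os_label, sig in signatures.items():
        score = sum(1 for f, v in sig.items() if response.get(f) == v)
        if best is None or score > best[1]:
            best = (os_label, score)
    return best


if __name__ == "__main__":
    classes = candidate_signature_fields(SAMPLE_RESPONSES)
    print("field classes:", classes)
    sigs = build_signatures(SAMPLE_RESPONSES)
    print("signatures:", sigs)
    unseen = {"ttl": 64, "win": 65535, "df": 1, "wscale": 2, "mss": 1460}
    print("classified as:", classify(unseen, sigs))
```

Running it reports `ttl` and `win` as discriminating, `wscale` as noisy and `df`/`mss` as non-discriminating, then classifies a response with a never-seen WScale as `os_a` on the two stable fields. The filter only works when each OS has been probed several times: with a single run per OS, `wscale` would pass as a stable, discriminating field, which is exactly the trap the paper's source-code analysis exposes and why the authors still expect manual review of the candidates.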
Current thread:
- Automatic generation of OS probes David Fifield (Jul 28)
- Re: Automatic generation of OS probes marilyn monroe (Jul 28)