Nmap's Silent Partner


Author: Rottz    Location: East Coast, USA    Posted: Thu Jun 19, 2003 3:11 pm    Post subject: Nmap's Silent Partner
Nmap's Silent Partner
By Marcus Ranum
Tools that fingerprint operating systems are a hacker's dream. They make
it ridiculously simple to identify easy targets. Run Nmap against a
target, learn what OS version it's running, and then look for a set of
attack tools that can take out that particular release.

Fortunately for us (the good guys), most fingerprinting scans leave
distinctive patterns that are easily detected by a decent IDS. But aside
from that, the good guys can also use a powerful OS fingerprinting
technique called Passive Operating System Fingerprinting (POF). Several
POF tools are available; the original is called "p0f" (with a zero),
co-created by Michal Zalewski and Bill Stearns.

POF is invisible, silent and nonintrusive. Unlike active fingerprinting
tools such as Nmap, POF operates only as a sniffer and generates no
packets. This is extremely important, because that means it won't
interfere with legitimate traffic, and it won't force you and your IDS to
worry about which scans are legitimate and which aren't.

Full Article: http://www.infosecuritymag.com/2003/jun/cooltools.shtml

p0f is a pretty cool tool to passively fingerprint intruders; I've used it on my Linux box before.


Author: alt.don    Posted: Thu Jun 19, 2003 4:03 pm
Yes indeed, p0f is an excellent passive fingerprinting tool. Though IMHO one should still try to learn what TCP metrics belong to what system. It just helps you recognize potential anomalies while looking over your logs and/or IP address pulls. That being said, we use it at our work as well. Good post, Rottz! :)
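
The TCP metrics discussed in this thread, shown as an added example that is not part of either post and is not p0f's code: it reads a captured IPv4 TCP SYN and extracts the initial TTL, window size, DF bit and option order that passive fingerprinting compares. The function names, the two-entry `KNOWN` table (commonly cited defaults, not p0f's signature database) and the sample packets are assumptions constructed for illustration.

```python
import struct

OPT_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}
# Illustrative traits only (commonly cited SYN defaults), not p0f's database.
KNOWN = {
    (64, 5840, True, ("MSS", "SACK", "TS", "NOP", "WS")): "Linux 2.4/2.6-like",
    (128, 65535, True, ("MSS", "NOP", "NOP", "SACK")): "Windows 2000/XP-like",
}

def initial_ttl(ttl):
    # Hops only decrement TTL, so round up to the nearest common initial value.
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

def syn_metrics(packet):
    """Return (initial TTL, window, DF, option order) for a raw IPv4 TCP SYN."""
    if len(packet) < 40 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None  # too short, not IPv4, or not TCP
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 20:
        return None
    df = bool(struct.unpack("!H", packet[6:8])[0] & 0x4000)
    tcp = packet[ihl:]
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    if (off_flags & 0x12) != 0x02:
        return None  # only a pure SYN (no ACK) shows the initiator's defaults
    raw, opts, i = tcp[20:(off_flags >> 12) * 4], [], 0
    while i < len(raw):
        kind = raw[i]
        opts.append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 0:
            break
        length = 1 if kind == 1 else (raw[i + 1] if i + 1 < len(raw) else 0)
        if kind != 1 and length < 2:
            break  # malformed option; stop rather than loop forever
        i += length
    return (initial_ttl(packet[8]), window, df, tuple(opts))

def classify(packet):
    m = syn_metrics(packet)
    return None if m is None else KNOWN.get(m, "unknown")

def build_syn(ttl, window, opts):
    """Constructed sample: minimal IPv4+TCP SYN, DF set, checksums left zero."""
    tcp_len = 20 + len(opts)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      (tcp_len // 4) << 12 | 0x02, window, 0, 0)
    return ip + tcp + opts

LINUX_OPTS = bytes.fromhex("020405b4" "0402" "080a" "0000000100000000" "01" "030300")
WIN_OPTS = bytes.fromhex("020405b401010402")
```

A SYN whose metrics match no known entry comes back as "unknown", which is the anomaly case worth a closer look in the logs.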
