
Nmap's Silent Partner

Rottz
Just Arrived
Joined: 29 Mar 2003
Posts: 3
Location: East Coast, USA

Posted: Thu Jun 19, 2003 3:11 pm    Post subject: Nmap's Silent Partner

Nmap's Silent Partner
By Marcus Ranum
Quote:
Tools that fingerprint operating systems are a hacker's dream. They make
it ridiculously simple to identify easy targets. Run Nmap against a
target, learn what OS version it's running, and then look for a set of
attack tools that can take out that particular release.

Fortunately for us (the good guys), most fingerprinting scans leave
distinctive patterns that are easily detected by a decent IDS. But aside
from that, the good guys can also use a powerful OS fingerprinting
technique called Passive Operating System Fingerprinting (POF). Several
POF tools are available; the original is called "p0f" (with a zero),
co-created by Michael Zalewski and Bill Stearns.

POF is invisible, silent and nonintrusive. Unlike active fingerprinting
tools such as Nmap, POF operates only as a sniffer and generates no
packets. This is extremely important, because that means it won't
interfere with legitimate traffic, and it won't force you and your IDS to
worry about which scans are legitimate and which aren't.

Full Article: http://www.infosecuritymag.com/2003/jun/cooltools.shtml

p0f is a pretty cool tool to passively fingerprint intruders; I've used it on my Linux box before.

alt.don
SF Boss
Joined: 04 Mar 2003
Posts: 16777079

Posted: Thu Jun 19, 2003 4:03 pm    Post subject:

Yes indeed, p0f is an excellent passive fingerprinting tool. Though IMHO one should still try to learn what TCP metrics belong to what system. It just helps you recognize potential anomalies while looking over your logs and/or IP address pulls. That being said, we use it at our work as well. Good post Rottz! :)
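An added example, not part of the thread and not p0f's own code: a sketch of the TCP metrics a passive fingerprinter reads from a sniffed SYN (window size, inferred initial TTL, DF bit, packet length, TCP option order), used to flag a source whose stack fingerprint changes between connections. The signature string format, the function names and the two sample packets are constructions of this example.

```python
import struct
OPT_NAMES = {1: "N", 2: "M", 3: "W", 4: "S", 8: "T"}  # NOP, MSS, wscale, SACK-ok, timestamp

def syn_signature(pkt: bytes):
    """Return (source IP, signature) for one raw IPv4 TCP SYN (no link-layer header)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = pkt[(ver_ihl & 0x0F) * 4:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    if (off_flags & 0x12) != 0x02:
        raise ValueError("not an initial SYN (SYN set, ACK clear)")
    opts, layout, i = tcp[20:(off_flags >> 12) * 4], [], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        kind = opts[i]
        # NOP (kind 1) is a single byte; every other option carries a length byte.
        length = 1 if kind == 1 else (opts[i + 1] if i + 1 < len(opts) else 0)
        if (kind != 1 and length < 2) or i + length > len(opts):
            raise ValueError("malformed TCP option")
        layout.append(OPT_NAMES.get(kind, "?"))
        i += length
    # Each router hop decrements TTL, so round up to the nearest common initial value.
    initial_ttl = next(t for t in (32, 64, 128, 255) if ttl <= t)
    df = (flags_frag >> 14) & 1                # Don't Fragment bit
    src = ".".join(str(b) for b in pkt[12:16])
    return src, f"{window}:{initial_ttl}:{df}:{total_len}:{','.join(layout)}"

def signature_drift(packets):
    """First signature seen per source is its baseline; report later mismatches."""
    baseline, alerts = {}, []
    for pkt in packets:
        src, sig = syn_signature(pkt)
        if baseline.setdefault(src, sig) != sig:
            alerts.append((src, baseline[src], sig))
    return alerts

# Constructed sample SYNs (documentation addresses, zeroed checksums), same source IP.
SYN_A = bytes.fromhex("4500003c1c46400039060000c000020ac6336405"
                      "c35000500000000100000000a00216d000000000"
                      "020405b40402080a000000010000000001030300")
SYN_B = bytes.fromhex("450000302b7a400079060000c000020ac6336405"
                      "c351005000000001000000007002ffff00000000"
                      "020405b401010402")

if __name__ == "__main__":
    print(signature_drift([SYN_A, SYN_A, SYN_B]))
```

A changed signature behind one address is the kind of anomaly worth a second look in logs: it can mean NAT, a reinstalled host, or traffic that does not come from the machine expected at that address.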

All times are GMT + 2 Hours