XProbe, The Year After

Presented at DEF CON 10 (2002), Aug. 2, 2002, 11 a.m. (50 minutes)

Xprobe, written and maintained by Fyodor Yarochkin & Ofir Arkin, is an active operating system fingerprinting tool based on Ofir Arkin's "ICMP Usage in Scanning" research project (http://www.sys-security.com). Last year, at the Black Hat Briefings in July 2001, the first generation of Xprobe was released. The tool's first generation (Xprobe v0.0.1) relies on a hard-coded, static logic tree. Although it has a lot of advantages (only 1-4 packets, accurate, fast, efficient, etc.), the tool suffers from a major drawback: its logic is static. At DEF CON 10 we will be releasing Xprobe2, a completely rewritten active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple simultaneous matches, and a signature database. As with the previous year - don't miss the demonstration!
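To make the contrast in the abstract concrete, here is an added toy example (not Xprobe or Xprobe2 code, and not their real signature format or scoring): a hard-coded decision tree that aborts as soon as one required probe goes unanswered, next to a fuzzy matcher that scores every signature in a small constructed database against whatever fields were actually observed and returns all candidates ranked. The field names, OS names and values are invented for the illustration.

```python
"""
Static decision tree vs. fuzzy signature matching for OS fingerprinting.
Everything below is constructed for illustration; it is not Xprobe2's
signature database, probe set or scoring algorithm.
"""
from typing import Dict, List, Optional, Tuple

# Constructed signature database: OS name -> expected value per probe field.
# Field names mimic the kind of ICMP reply attributes the text alludes to.
SIGNATURES: Dict[str, Dict[str, object]] = {
    "ExampleOS-A": {"echo_ttl": 64,  "echo_tos": 0,    "echo_df": True,  "quote_len": 8},
    "ExampleOS-B": {"echo_ttl": 128, "echo_tos": 0,    "echo_df": True,  "quote_len": 8},
    "ExampleOS-C": {"echo_ttl": 255, "echo_tos": 0xC0, "echo_df": False, "quote_len": 28},
}

# Constructed per-field weights: a stand-in for "probabilistic guesses",
# giving more trust to fields that discriminate better between systems.
WEIGHTS: Dict[str, float] = {"echo_ttl": 2.0, "echo_tos": 1.0, "echo_df": 1.0, "quote_len": 1.5}


def static_tree_match(observed: Dict[str, object]) -> Optional[str]:
    """Hard-coded logic tree in the style of the first Xprobe generation.

    Every branch needs its probe answered; if a required field is missing
    (for example because a filter dropped the probe or its reply), the tree
    has nowhere to go and gives up with None.
    """
    ttl = observed.get("echo_ttl")
    if ttl is None:
        return None
    if ttl <= 64:
        return "ExampleOS-A"
    if ttl <= 128:
        return "ExampleOS-B"
    quote = observed.get("quote_len")
    if quote is None:
        return None
    return "ExampleOS-C" if quote == 28 else None


def fuzzy_match(observed: Dict[str, object],
                signatures: Dict[str, Dict[str, object]] = SIGNATURES,
                weights: Dict[str, float] = WEIGHTS) -> List[Tuple[str, float]]:
    """Score each signature by the weighted share of *observed* fields it agrees with.

    Unanswered probes are skipped rather than aborting the match, and every
    candidate is kept, so several systems can be reported at once when the
    evidence does not separate them. Returns (os_name, score) pairs sorted
    best first, score in [0, 1].
    """
    ranked: List[Tuple[str, float]] = []
    for os_name, sig in signatures.items():
        compared = [f for f in sig if f in observed]
        if not compared:
            continue  # nothing observed that this signature speaks about
        total = sum(weights.get(f, 1.0) for f in compared)
        hit = sum(weights.get(f, 1.0) for f in compared if sig[f] == observed[f])
        ranked.append((os_name, hit / total))
    ranked.sort(key=lambda t: (-t[1], t[0]))
    return ranked


if __name__ == "__main__":
    # Constructed observations: a full reply set, and one where the echo
    # probe was filtered so only the ICMP error quote was seen.
    full = {"echo_ttl": 128, "echo_tos": 0, "echo_df": True, "quote_len": 8}
    filtered = {"quote_len": 28}
    for name, obs in (("full", full), ("filtered", filtered)):
        print(f"{name}: static={static_tree_match(obs)!r} fuzzy={fuzzy_match(obs)}")
```

With the full reply set both approaches agree; with the echo probe filtered, the static tree returns nothing while the fuzzy matcher still ranks the one signature that fits the remaining evidence, and when the observed fields do not separate two systems it reports both with equal scores instead of forcing a single answer.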

Presenters:

  • Ofir Arkin - Founder, The Sys-Security Group
    Ofir Arkin is the Founder of the Sys-Security Group (http://www.sys-security.com), a free computer security research body. Ofir has published several papers as well as articles and advisories; the best known are the "ICMP Usage in Scanning" and "Trace-Back" research papers. Some of his research has been mentioned in professional computer security magazines. He is an active member of the Honeynet Project and participated in writing the Honeynet team's book, "Know Your Enemy", published by Addison-Wesley.
