On the Current State of Remote Active OS Fingerprinting

Presented at DEF CON 13 (2005), July 29, 2005, 11 a.m. (50 minutes)

Active operating system fingerprinting is a technology that uses stimulus (sends packets) to provoke a reaction from network elements. Implementations of active scanning monitor the network for a response, or the lack of one, from the probed network elements; according to the type of response and the conclusions drawn from it (part of an implementation's intelligence), knowledge is gathered about the underlying operating system. This talk examines the current state of remote active OS fingerprinting technology and tools: the different methods used today, the issues associated with them, the limitations, where the current technology is, what can and cannot be accomplished, and what should be done in the future. The talk also highlights the accuracy aspects of several active operating system fingerprinting tools, analyzes them, and compares them. During the talk, a new version of Xprobe2, a remote active OS fingerprinting tool, will be released.

Presenters:

  • Ofir Arkin - CTO and Co-Founder, Insightix
    Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks. Ofir has 10 years of experience in data security research and management. Prior to co-founding Insightix, Ofir served as CISO of a leading Israeli international telephone carrier. In addition, Ofir has consulted and worked for multinational companies in the financial, pharmaceutical and telecommunication sectors. Ofir conducts cutting-edge research in the information security field and has published several research papers, advisories and articles in the fields of information warfare, VoIP security, and network discovery, and has lectured at a number of computer security conferences about the research. His best-known published papers are "ICMP Usage in Scanning", "Security Risk Factors with IP Telephony based Networks", "Trace-Back", and "Etherleak: Ethernet frame padding information leakage". He is a co-author of the remote active operating system fingerprinting tool Xprobe2. Ofir is an active member of the Honeynet project and is co-author of the team's book, "Know Your Enemy", published by Addison-Wesley. Ofir is also the founder of Sys-Security Group (http://www.sys-security.com), a computer security research group.
