InfoconDB

Presented at DEF CON 9 (2001), July 14, 2001, noon (50 minutes).

During my research with the �ICMP Usage In Scanning� project, I have discovered some new active and passive operating system fingerprinting methods using the ICMP protocol. Methods that are simple, and efficient.

The active operating system fingerprinting methods were not correlated into a certain logic. A logic that would allow us to have the ability to use any available method in order to, wisely, actively fingerprint an operating system.

In this talk I will be releasing a new active operating system fingerprinting tool using the active OS fingerprinting methods with the ICMP protocol I have discovered. I will be explaining the tool�s inner works and the various active OS fingerprinting methods with ICMP implemented and used with the tool.

The tool�s limitations, ways to detect its usage, and how to defend our selves from its abilities will also be discussed. Future plans and enhancements, which include a different approach to OS detection, will be presented as well.

Presenters:

Ofir Arkin - The Sys-Security Group
Ofir Arkin is the Founder of the Sys-Security Group, a free computer security research body. Ofir is most widely known for his research about the ICMP protocol usage in scanning. He has extensive knowledge and experience with many aspects of the Information Security field including: Cryptography, Firewalls, Intrusion Detection, OS Security, TCP/IP, Network Security, Internet Security, Networking Devices Security, Security Assessment, Penetration Testing, E-Commerce, and Information Warfare. Ofir has worked as consultant for several European finance institutes where he played the rule of Senior Security Analyst, and Chief Security Architect in major projects. Ofir has published several papers, the newest deal with �Passive Fingerprinting techniques� and with the �ICMP protocol usage In Scanning�.

Introducing X: Playing Tricks with ICMP

Presenters:

Links:

Similar Presentations: