1. InfoconDB
  2. HOPE
  3. The Fifth HOPE (2004)
  4. Frustrating OS Fingerprinting with Morph

Frustrating OS Fingerprinting with Morph

Presented at The Fifth HOPE (2004), July 11, 2004, 4 p.m. (60 minutes)

Sun Tzu once stated "Know your enemy and know yourself, and in a hundred battles you will never be defeated." By denying outsiders information about our systems and software, we make it more difficult to mount successful attacks. There are a wealth of options for OS-fingerprinting today, evolving from basic TCP-flag mangling tools such as Queso, through the ICMP quirk-detection of the original Xprobe and the packet timing analysis of RING, to today's suite of multiple techniques employed by nmap. The ultimate advantage in the OS-detection game lies with the defender, however, as it is they who control what packets are sent in response. Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and configurable, and will frustrate current state-of-the-art OS fingerprinting. This presentation will discuss the current techniques used for OS fingerprinting and how to frustrate them. There will be a live demo, and Morph v0.2 will be released with this talk.


Presenters:

  • Kathy Wang
    Kathy Wang broke into programming with BASIC on the Apple IIgs. She has a bachelor's and master's degree in electrical engineering from the University of Michigan, where she specialized in VLSI chip design and semiconductor device physics and fabrication. She worked at Digital as part of the Next Generation Alpha Chip Design Team, and got to spend an entire wonderful summer blowing up Alpha chips. She has published a paper on some of the work she did there at an IEEE conference. Kathy has instructed courses ranging from "Semiconductor Device Physics" to "Vulnerability Assessment and Penetration Testing." Since Digital got broken up by Compaq and Intel, Kathy has focused on the software side of things. She has worked at Counterpane Internet Security and currently works as a Senior Infosec engineer at the MITRE Corporation. Kathy is also a founder of Syn Ack Labs, a computer security research group focused on cryptography, steganography, and low-level packet hijinks.

Links:

Similar Presentations: