Frustrating OS Fingerprinting with Morph

Presented at Notacon 1 (2004)

Sun Tzu once stated, "Know your enemy and know yourself, and in a hundred battles you will never be defeated." By denying outsiders information about our systems and software, we make it more difficult to mount successful attacks.

There is a wealth of options for OS fingerprinting today, evolving from basic TCP-flag mangling tools such as Queso, through the ICMP quirk detection of the original Xprobe and the packet timing analysis of RING, to today's suite of multiple techniques employed by nmap. The ultimate advantage in the OS-detection game lies with the defender, however, because it is the defender who controls what packets are sent in response.

Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and configurable, and is designed to frustrate current state-of-the-art OS fingerprinting. This presentation will discuss the current techniques used for OS fingerprinting, and how to frustrate them. Morph will be released with the talk, as a concrete example of the discussed techniques.

OS fingerprinting is one of the most useful methods available to gather information for an attack. Some work has been done in the past to defend against OS fingerprinting (FPF by Packet Knights), but none of it has been implemented with portability in mind. A tool is needed that will allow systems administrators to protect their assets against the reconnaissance efforts of potential attackers.


Presenters:

  • Kathy Wang - Syn Ack Labs
    Kathy Wang broke into programming with BASIC on the Apple IIgs. She has bachelor's and master's degrees in electrical engineering from the University of Michigan, where she specialized in VLSI chip design and semiconductor device physics and fabrication. She worked at Digital as part of the Next-Generation Alpha Chip Design Team, and got to spend an entire wonderful summer blowing up Alpha chips. She has published a paper on some of the work she did there at an IEEE conference. Kathy has instructed courses ranging from Semiconductor Device Physics to Vulnerability Assessment and Penetration Testing. Since Digital got broken up by Compaq and Intel, Kathy has focused on the software side of things. She has worked at Counterpane Internet Security, and currently works as a Senior Infosec Engineer at The MITRE Corporation. Kathy is also a founder of Syn Ack Labs, a computer security research group focused on cryptography, steganography, and low-level packet hijinks.
