Re: Application-based fingerprinting ?

From: skyper (skyper@segfault.net)
Date: Wed Feb 05 2003 - 07:42:43 EST


On Tue, Feb 04, 2003 at 10:27:06PM +0100, Joris De Donder wrote:
>
> >Have there been any attempts to explore this area further?
>
> http://www.thehackerschoice.com/releases.php

the correct url is at http://www.thehackerschoice.com/thc-rut

It currently takes banners from WWW, telnetd, ftp, smtp, snmp
and throws them through a perl-regular expression array.

skyper

>
> "THC-RUT comes with a OS host Fingerprinter which determines the remote
> OS by open/closed port characteristics, banner matching and nmap
> fingerprinting techniques (T1, tcpoptions)."
>
> "Amap is a next-generation scanning tool, it identifies applications
> and services even if they are not listening on the default port by
> creating a bogus-communication."

-- 
PGP: dig @segfault.net skyper axfr|grep TX|cut -f2 -d\"|sort|cut -f2 -d\;
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT