Re: OS Fingerprints

From: Dragos Ruiu (dr@kyx.net)
Date: Wed Oct 05 2005 - 21:53:35 EDT


This new talk coming at PacSec 05, seems like it
will be of interest to the people who are interested
in this thread. I'm told early results with their
technique show promise. I'm looking forward
to perusing their info myself. The slides
will be posted in Japanese and English
after the conference.

Some additional information about the talk...

Speaker: Javier Burroni, working at Core Security
Technologies' Labs in Buenos Aires, Argentina

Title: Using Neural Networks for remote OS identification

Description:

Remote operating system detection techniques
based on fingerprint analysis are widely used
in the penetration testing process. The first
fingerprinting implementations were based
on the analysis of differences between
TCP/IP stack implementations. The next
generation focused their analysis on the
application layer data such as the DCE RPC
endpoint information. Even though it was
an advance in the information to work with
some variation of the "best fit" algorithm was
still used to interpret the new information.
This strategy suffers from the weakness that
it will not work in non-standard situations
and the inability to extract the key elements
which uniquely identify an operating system.
The next step is to focus on the algorithm used
to analyze the data rather than the data itself.
Our new approach involves an analysis of the
composition of the information collected
during the OS identification process to identify
elements and their relations. We have found
that this produces better results under certain
configurations.

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan	November 14-16 2005  http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:02 EDT