Understanding and preventing network device fingerprinting

Bell Labs Technical Journal

Volumn 12, Issue 3, 2007, Pages 149-166

  Greenwald, Lloyd G ^a   Thomas, Tavaris J ^a  

^a LUCENT TECHNOLOGIES   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

FINGERPRINTING; NETWORK SCRUBBERS; OPEN SOURCE TOOLS;

COMPUTER AIDED SOFTWARE ENGINEERING; COMPUTER CRIME; COMPUTER SYSTEM FIREWALLS; INTERNET PROTOCOLS; OPEN SYSTEMS; PACKET NETWORKS;

NETWORK SECURITY;

EID: 36549030872     PISSN: 10897089     EISSN: 15387305     Source Type: Journal    
DOI: 10.1002/bltj.20257     Document Type: Article

References (20)

1. O. Arkin, F. Yarochkin, and M. Kydyraliev, "The Present and Future of Xprobe2: The Next Generation of Active Operating System Fingerprinting," Sys-Security Group, July 2003, 〈http://sys-security.com/blog/published- materials/papers/〉.
2. P. Auffret, "SinFP," Jan. 2007, 〈http://www.gomor.org/ sinfp/〉.
3. D. Barroso Berrueta, "A Practical Approach for Defeating Nmap OS-Fingerprinting," 2003, 〈http://www.zog.net/Docs/nmap.html〉.
4. S. Bellovin, "Defending Against Sequence Number Attacks," IETF RFC 1948, May 1996, 〈http://www.ietf.org〉.
5. R. Beverly, "A Robust Classifier for Passive TCP/IP Fingerprinting," Proc. 5th Passive and Active Measurement Workshop (PAM '04) (Juan-les-Pins, Fr., 2004), pp. 158-167.
6. J. Burroni and C. Sarraute, "Using Neural Networks for Remote OS Identification," Proc. Pacific Security Conf. (PacSec '05) (Tokyo, Japan, 2005).
7. Fyodor, "Remote OS Detection via TCP/IP Stack Fingerprinting," Insecure.Org, June 11, 2002, 〈http://insecure.org/nmap/nmap-fingerprinting- old.html〉.
8. Fyodor, "Remote OS Detection via TCP/IP Fingerprinting (2nd Generation)," Insecure.Org, Jan. 2007, 〈http://insecure.org/nmap/ osdetect/〉.
9. D. Hartmeier, "PF: The OpenBSD Packet Filter," OpenBSD, Oct. 2006, 〈http://www.openbsd. org/faq/pf/〉.
10. V. Jacobson, R. Braden, and D. Borman, "TCP Extensions for High Performance," IETF RFC 1323, May 1992, 〈http://www.ietf.org〉.
11. R. McCabe, "iplog," 2001, 〈http://ojnk. sourceforge.net/stuff/iplog.readme〉.
12. J. Messer, "Secrets of Network Cartography: A Comprehensive Guide to nmap," Network Uptime, June 2005, 〈www.networkuptime.com/nmap/index. shtml〉.
13. M. Roesch, "Snort," Jan. 2007, 〈http://www.snort. org〉.
14. G. Roualland and J.-M. Saffroy, "IP Personality," Apr. 2002, 〈http://ippersonality.sourceforge. net/〉.
15. S. J. Russell and P. Norvig, Artificial Intelligence: A Modern Approach, Prentice Hall/Pearson Education, Upper Saddle River, NJ, 2003.
16. C. E. Shannon, "A Mathematical Theory of Communication," Bell Sys. Tech. J., 27:3 (1948), 379-423, 27:4 (1948), 623-656.
17. M. Smart, G. R. Malan, and F. Jahanian, "Defeating TCP/IP Stack Fingerprinting," Proc. 9th Usenix Security Symposium (USENIX '00) (Denver, 2000), pp. 229-240.
18. S. Trifero and D. Callaway, "Stealth," Security Technologies, 〈http://www.innu.org%7Esean/〉.
19. D. Watson, M. Smart, and G. R. Malan, "Protocol Scrubbing: Network Security Through Transparent Flow Modification," IEEE/ACM Trans. Networking, 12:2 (2004), 261-273.
20. M. Zalewski, "the new pOf: 2.0.8," Sept. 9, 2006, 〈http://lcamtuf.coredump.cx/pOf.shtml〉.