Understanding and preventing network device fingerprinting

  • Authors: Lloyd G. Greenwald; Tavaris J. Thomas
  • Affiliations: LGS Bell Labs Innovations, Whippany, New Jersey; LGS Bell Labs Innovations, Whippany, New Jersey
  • Venue: Bell Labs Technical Journal - Information Technology/Network Security
  • Year: 2007


Abstract

Internet Protocol (IP)-based devices disclose information about themselves through responses to common and carefully crafted IP packets. Attackers can discover security vulnerabilities by using open source tools to fingerprint devices remotely by eliciting and analyzing these responses. The current approach to IP-based security tries to solve this problem by interposing defensive devices such as firewalls and network scrubbers between attacker and targets. These devices block and/or modify the responses of target machines, potentially defeating remote fingerprinting attempts. In this work, we present a method for assessing the value of security configurations and provide insights toward the development of a security solution that prevents remote fingerprinting. Our method uses information gain to measure the discriminative power of fingerprinting tools. We use this measure to provide an analytical evaluation of existing open source fingerprinting tools and present an empirical evaluation of the robustness of specific defensive device configurations to defeating the most discriminative tools. © 2007 Alcatel-Lucent.