IpMorph: fingerprinting spoofing unification

Authors:
Guillaume Prigent;Florian Vichot;Fabrice Harrouet
Affiliations:
Diateam: Architectes de l'information, Brest, France 29200;Diateam: Architectes de l'information, Brest, France 29200;Laboratoire d'Informatique des Systèmes Complexes (LISyC), Technopôle Brest Iroise, Plouzané, France 29280
Venue:
Journal in Computer Virology
Year:
2010

Citing 1
Cited 2

Defeating TCP/IP stack fingerprinting

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9

Tetherway: a framework for tethering camouflage

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
OS-Sommelier: memory-only operating system fingerprinting in the cloud

Proceedings of the Third ACM Symposium on Cloud Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

There is nowadays a wide range of TCP/IP stack identification tools that allow to easily recognize the operating system of foreseen targets. The object of this article is to show that fingerprint concealment and spoofing are uniformly possible against different known fingerprinting tools. We present IpMorph, counter-recognition software implemented as a user-mode TCP/IP stack, ensuring session monitoring and on the fly packets re-writing. We detail its operation and use against tools like Nmap, Xprobe2, Ring2, SinFP and p0f, and we evaluate its efficiency thanks to a first technical implementation that already covers most of our objectives.