This paper describes the design and implementation of a TCP/IP stack fingerprint scrubber. The fingerprint scrubber is a new tool to restrict a remote user's ability to determine the operating system of another host on the network. Allowing entire subnetworks to be remotely scanned and characterized opens up security vulnerabilities. Specifically, operating system exploits can be efficiently run against a pre-scanned network because exploits will usually only work against a specific operating system or software running on that platform. The fingerprint scrubber works at both the network and transport layers to convert ambiguous traffic from a heterogeneous group of hosts into sanitized packets that do not reveal clues about the hosts' operating systems. This paper evaluates the performance of a fingerprint scrubber implemented in the FreeBSD kernel and looks at the limitations of this approach.