Toward Undetected Operating System Fingerprinting

@inproceedings{Greenwald2007TowardUO,
  title={Toward Undetected Operating System Fingerprinting},
  author={Lloyd G. Greenwald and Tavaris J. Thomas},
  booktitle={WOOT},
  year={2007}
}
Tools for active remote operating system fingerprinting generate many packets and are easily detected by host and network defensive devices such as IDS/NIDS. Since each additional packet increases the probability of detection, it is advantageous to minimize the number of probe packets. We make use of an informationtheoretic measure of test quality to evaluate fingerprinting probes and use this evaluation to derive effective probe combinations that minimize probe packets. While the default… CONTINUE READING
Highly Cited
This paper has 31 citations. REVIEW CITATIONS
23 Citations
21 References
Similar Papers

Citations

Publications citing this paper.
Showing 1-10 of 23 extracted citations

References

Publications referenced by this paper.
Showing 1-10 of 21 references

Evaluating Tests used in Operating System Fingerprinting

  • L. Greenwald, T. Thomas
  • LGS Bell Labs Innovations Technical Memorandum TM…
  • 2007
Highly Influential
8 Excerpts

Remote OS Detection via TCP/IP Fingerprinting (2nd Generation)

  • Fyodor
  • Insecure.Org, Jan. 2007, <http://insecure.org…
  • 2007
Highly Influential
4 Excerpts

The Present and Future of Xprobe2: The Next Generation of Active Operating System Fingerprinting

  • O. Arkin, F. Yarochkin, M. Kydyraliev
  • Sys-Security Group, July 2003, <http…
  • 2003
Highly Influential
6 Excerpts

ICMP Usage in Scanning: The Complete Know-How

  • O. Arkin
  • June 2001, <http://www.syssecurity.com/archive…
  • 2001
Highly Influential
10 Excerpts

Defending against NIDS evasion using traffic normalizers

  • V. Paxson, M. Handley
  • 2nd Int. Workshop Recent Advances in Intrusion…
  • 1999
Highly Influential
4 Excerpts

SinFP

  • P. Auffret
  • Jan. 2007, <http://www.gomor.org/sinfp/>.
  • 2007
Highly Influential
8 Excerpts

Using Neural Networks for Remote OS Identification

  • J. Burroni, C. Sarraute
  • Proc. Pacific Security Conf. (PacSec ‘05), (Tokyo…
  • 2005
Highly Influential
11 Excerpts

A Practical Approach for Defeating Nmap OS-Fingerprinting

  • D. Barroso Berrueta
  • 2003, <http://www.zog.net/Docs/nmap.html>.
  • 2003
Highly Influential
9 Excerpts

Snort

  • M. Roesch
  • Jan. 2007, <http://www.snort.org>.
  • 2007
2 Excerpts

Similar Papers

Loading similar papers…