Results 1 to 5 of 5

Thread: Passive Aggressive !

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    Passive Aggressive !

    Passive Aggressive!

    Here are a nice tool for doing 'passive fingerprinting' and remote os identifying. I tried to dl it but had no luck so I can't tell anything more about the tool more then what the article below tells.

    I guess that IntrusIDS can have some problem to detect scans who not exists!?

    Story

    Black hats use 'passive fingerprinting' to identify your operating system without you knowing it. But the technique is useful for white hats too.
    By Jon Lasser, Jan 30 2002 10:02AM PT, Source: Security Focus.

    On January 21st, a new version of an interesting program called p0f was released. p0f is a tool designed for passive OS fingerprinting, identifying an operating system by examining packets being passed over the local network, without sending any packets designed to elicit a response. It's a fascinating area of research, and it may solve the ethical and legal problems associated with active fingerprinting.

    In active OS fingerprinting, the program sends a number of oddly-formed packets to the target system and looks at the response to those packets. Each system will respond differently to at least some of these strange or broken packets, and the "fingerprint" of these responses can be used to guess the operating system.

    Active OS fingerprinting is a technique that has been around since at least 1997, though Queso, the first program to do a thorough job of fingerprinting, was apparently released in August of 1998. (That's as far back as their ChangeLog runs, at any rate.)

    Today, the port-scanning tool Nmap has supplanted Queso as the OS fingerprinting tool of choice. And Fyodor, Nmap's author, had written an excellent paper about active OS fingerprinting that covers the technical details.

    The full article can be viewed here.

    ~micael

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    Wow.. i love this.. heheh where can i get hold of this software??

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Originally posted by s0nIc
    Wow.. i love this.. heheh where can i get hold of this software??
    Try these url's

    Some more info: http://www.securityfocus.com/tools/2431
    Authors homepage: http://www.stearns.org/
    p0f "scanner": http://www.stearns.org/p0f/

    Please let my know your results from this tool.

    ~micael

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    very interesting!
    I'm looking into p0f right now!


    J.

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    Talking

    good post micael.

    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •