Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: TCP timestamp & advanced fingerprinting
From: Erwan Arzur <erwan () lse epita fr>
Date: Tue, 29 Mar 2005 10:47:10 +0200
Bruce Klein wrote:

How does this compare with [Prs2002] Clock Deviation/Skew as a
Forensics/Tracking Tool research done by Tadayoshi Kohno.

http://www.cse.ucsd.edu/users/tkohno/


Bruce Klein
iovation, Inc.



Hello Bruce,
I think the way he took the problem is much simpler than in this paper (and it gathers less informations about the hosts, too). The technique is described in this paper from Bret Mc Danel : http://www.0xdecafbad.com/TCP-Timestamping-Obtaining-System-Uptime-Remotely.html, who was kind enough to point us to it (we need to update the paper to give him the credit he deserves), the paper & tool use the statistical differences between the timestamps to separate services behind a screening router doing NAT, allowing network mapping behind a firewall, not fingerprinting of a single computer. 

Erwan

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]