The following problem (as discussed in this paper)
has not yet been identified. Certain firewalls today,
will not authenticate the validity of certain protocol
fields, within the packet they are processing.
The risk is exposure of information. What kind of
information can be exposed? Mainly it will be unique
patterns of behavior produced by the probed machines
answering our crafted queries (or other kind of network
traffic initiated in order to elicit a reply). Those
patterns will help a malicious computer attacker to
identify the operating systems in use.
In my research paper “ICMP Usage In Scanning ” I have
introduced new operating system fingerprinting methods
based on changing values inside certain fields of the
ICMP datagram. Using some of these methods I will
demonstrate the risk.
The paper is available from:
http://www.sys-security.com/archive/papers/Unverified_Fields_1.0.pdf
http://www.sys-security.com/archive/papers/Unverified_Fields_1.0.ps
Cheers
Ofir Arkin [ofir_at_itcon-ltd.com]
Senior Security Analyst
Chief of Grey Hats
ITcon, Israel.
http://www.itcon-ltd.com
Personal Web page: http://www.sys-security.com
"Opinions expressed do not necessarily
represent the views of my employer."
--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Oct 14 2000
Intro
