The ubiquity of firewalls using Network Address Translation and Port Address Translation (NAT/PAT), stateful inspection, and packet normalization technologies is taking its toll on today’s approaches to operating system fingerprinting. SinFP was developed to address the limitations of current tools. It implements new methods, such as using signatures acquired by active fingerprinting when performing passive fingerprinting. Furthermore, SinFP is the first tool to perform operating system fingerprinting on IPv6, in both active and passive modes. Thanks to its signature matching algorithm, it is almost superfluous to add new signatures to its current database. In addition, its heuristic matching algorithm makes it highly resilient against signatures that have been modified by intermediate routing and/or filtering devices, and against TCP/IP customization methods. This document presents an in-depth explanation of the techniques implemented by the SinFP tool.