This paper describes the design and implementation of a TCP/IP stack fingerprint scrubber. The fingerprint scrubber is a new tool to restrict a remote user's ability to determine the operating system of another host on the network. Allowing entire subnetworks to be remotely scanned and characterized opens up security vulnerabilities. Specifically, operating system exploits can be efficiently run against a pre-scanned network because exploits will usually only work against a specific operating system or software running on that platform. The fingerprint scrubber works at both the network and transport layers to convert ambiguous traffic from a heterogeneous group of hosts into sanitized packets that do not reveal clues about the hosts' operating systems. This paper evaluates the performance of a fingerprint scrubber implemented in the FreeBSD kernel and looks at the limitations of this approach.
[1]
John H. Hartman,et al.
Optimizing TCP forwarder performance
,
2000,
TNET.
[2]
Vern Paxson,et al.
Automated packet trace analysis of TCP implementations
,
1997,
SIGCOMM '97.
[3]
David Watson,et al.
Transport and application protocol scrubbing
,
2000,
Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).
[4]
Raj Yavatkar,et al.
The Phoenix framework: a practical architecture for programmable networks
,
2000
.