论文信息 - SYNSCAN : Towards Complete TCP / IP Fingerprinting

SYNSCAN : Towards Complete TCP / IP Fingerprinting

A tool for TCP stack testing and TCP/IP fingerprinting (a.k.a. OS detection) is introduced. While tools presently exist to do either OS detection[1, 2] or TCP stack testing[3, 4], the methods they employ are limited by the techniques and analysis performed, sometimes resulting in incorrect results or no results at all. We introduce synscan, a tool whose objective is to fingerprint every aspect of a TCP/IP implementation. synscan is not meant as a proof-of-concept tool; rather, it is a robust and useful tool which can be used in addition to others for TCP/IP stack testing and OS detection. synscan incorporates most of the techiques used by the existing tools and introduces a number of new ones. synscan’s primary advantage is that each test begins with a TCP SYN segment (hence the name) to an open port, giving it the ability to test and fingerprint even the most fortified hosts. Conclusive data from large network scans and comparisons to results from existing tools are also reported.

Greg Taleck

[1] V. Jacobson,et al. Congestion avoidance and control , 1988, SIGCOMM '88.

[2] Vern Paxson,et al. Automated packet trace analysis of TCP implementations , 1997, SIGCOMM '97.

[3] Thomas Henry Ptacek,et al. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[4] Stefan Savage,et al. Sting: A TCP-based Network Measurement Tool , 1999, USENIX Symposium on Internet Technologies and Systems.

[5] Sally Floyd,et al. Promoting the use of end-to-end congestion control in the Internet , 1999, TNET.

[6] Sally Floyd,et al. The NewReno Modification to TCP's Fast Recovery Algorithm , 2004, RFC.

[7] S. Floyd,et al. On inferring TCP behavior , 2001, SIGCOMM '01.

[8] Franck Veysset,et al. New Tool And Technique For Remote Operating System Fingerprinting , 2002 .

[9] Vern Paxson,et al. Active mapping: resisting NIDS evasion without altering traffic , 2003, 2003 Symposium on Security and Privacy, 2003..

[10] Greg Taleck,et al. Ambiguity Resolution via Passive OS Fingerprinting , 2003, RAID.

[11] Marcin Zalewski,et al. Strange attractors and tcp/ip sequence number analysis , 2004 .

[12] Bogdan M. Wilamowski,et al. The Transmission Control Protocol , 2005, The Industrial Information Technology Handbook.