Improved Network Security and Disguising TCP/IP Fingerprint through Dynamic Stack Modification

Abstract : Each computer on a network has an Operating System (OS) Fingerprint that can be collected through various applications. Because of the complexity of network systems, vulnerabilities and exploitations of the same to gain access to systems will always be a problem. Those wishing to attack a system can use the OS Fingerprint to identify the types of vulnerabilities and software exploits that will be effective against the system. This paper discusses how system vulnerabilities become exploited and used by network attackers. Because OS Fingerprints are one of many tools network attackers will use to identify and attack a system, concealing a system's OS Fingerprint becomes an important part of securing the system. To demonstrate the capability of concealing the OS Fingerprint of a system, a prototype system was developed. This prototype changed the OS Fingerprint of a Linux system so that it matched a Windows NT system.

[1]  Tzi-cker Chiueh,et al.  CTCP: a transparent centralized TCP/IP architecture for network security , 2004, 20th Annual Computer Security Applications Conference.

[2]  Rob Beck Passive-aggressive resistance: OS fingerprint evasion , 2001 .

[3]  Jiang Wei-hua,et al.  The application of ICMP protocol in network scanning , 2003, Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies.

[4]  J. Voas,et al.  The pros and cons of Unix and Windows security policies , 2000 .

[5]  David M. Watson,et al.  Protocol scrubbing: network security through transparent flow modification , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[6]  Mark Handley,et al.  Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics , 2001, USENIX Security Symposium.

[7]  Mark A. Bullimore Ring out the old, ring in the new. , 1988, Nursing standard (Royal College of Nursing (Great Britain) : 1987).

[8]  Farnam Jahanian,et al.  Defeating TCP/IP Stack Fingerprinting , 2000, USENIX Security Symposium.

[9]  Of references. , 1966, JAMA.

[10]  J.M. Andujar,et al.  Detecting security vulnerabilities in remote TCP/IP networks: an approach using security scanners , 1999, Proceedings IEEE 33rd Annual 1999 International Carnahan Conference on Security Technology (Cat. No.99CH36303).

[11]  Kulsoom Abdullah,et al.  Passive visual fingerprinting of network attack tools , 2004, VizSEC/DMSEC '04.

[12]  David Watson,et al.  Transport and application protocol scrubbing , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).