[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fingerprinting DNS implementations.

To: Roy Arends <roy@logmess.com>
Subject: Re: Fingerprinting DNS implementations.
From: Dean Anderson <dean@av8.com>
Date: Wed, 10 Dec 2003 13:53:38 -0500 (EST)
Cc: namedroppers@ops.ietf.org, Jakob Schlyter <jakob@rfc.se>
In-reply-to: <Pine.LNX.4.58.0312101454010.21161@elektron.atoom.net>

On Wed, 10 Dec 2003, Roy Arends wrote:

> Vendors do not obscure responses. How do you obscure responses ? Create
> but not send ? Response-Sensorship ?

Nmap fingerprints OS's by TCP signatures, using much the same methods as
you described, in principle anyway.  There are tools for linux and I think
*BSD that will alter the responses so that this fingerprinting fails to
identify the true OS.

This could get into a sort of war of fingerprinting and obscuring changes,
which would seem to be destructive...

		--Dean

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: Fingerprinting DNS implementations.
  - From: Ted Lemon <mellon@nominum.com>

References:
- Re: Fingerprinting DNS implementations.
  - From: Roy Arends <roy@logmess.com>

Prev by Date: Re: nsec-01, bit 0
Next by Date: Re: Fingerprinting DNS implementations.
Previous by thread: Re: Fingerprinting DNS implementations.
Next by thread: Re: Fingerprinting DNS implementations.
Index(es):
- Date
- Thread