Network Security: Detailed info on Re: TCP timestamp & advanced fingerprinting

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: TCP timestamp & advanced fingerprinting

from [Erwan Arzur] Network Security

[Permanent Link]

Subject:	Re: TCP timestamp & advanced fingerprinting
Date:	Tue, 29 Mar 2005 10:47:10 +0200

Bruce Klein wrote:

How does this compare with [Prs2002] Clock Deviation/Skew as a
Forensics/Tracking Tool research done by Tadayoshi Kohno.

http://www.cse.ucsd.edu/users/tkohno/


Bruce Klein
iovation, Inc.


Hello Bruce,

I think the way he took the problem is much simpler than in this paper (and it gathers less informations about the hosts, too). The technique is described in this paper from Bret Mc Danel : http://www.0xdecafbad.com/TCP-Timestamping-Obtaining-System-Uptime-Remotely.html, who was kind enough to point us to it (we need to update the paper to give him the credit he deserves), the paper & tool use the statistical differences between the timestamps to separate services behind a screening router doing NAT, allowing network mapping behind a firewall, not fingerprinting of a single computer.

Erwan

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
TCP timestamp & advanced fingerprinting, Erwan Arzur RE: TCP timestamp & advanced fingerprinting, Bruce Klein Re: TCP timestamp & advanced fingerprinting, Erwan Arzur <=

Previous by Date:	Multiple sql injection, and xss vulnerabilities in AspApp, dcrab
Next by Date:	Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, Tavis Ormandy
Previous by Thread:	RE: TCP timestamp & advanced fingerprinting, Bruce Klein
Next by Thread:	phpbb 2.0.13 Exploit (bug), tOnk3r
Indexes:	[Date] [Thread] [Top] [All Lists]