Saturday, November 5, 2011

Using Machine Learning Techniques for Advanced Passive Operating System Fingerprinting

Ok, guess I'm about a year out on this, but....

Anytime someone mentions your work in their master's thesis, it is a nice thing to mention it and post a link!

His thesis can be found here.

He initially covers a lot of the same ground I did in my paper on OS Fingerprinting, but also covers a few tools and newer techniques that were not around back in 2005 or whenever it was that I wrote my paper on this subject. This is only in regards to the start of the paper, giving a quick overview of fingerprinting techniques and tools; he then dives deeply into other things that go well beyond what I've covered previously. I guess it is a master's thesis, so it better!

He does bring up a good point/issue with passive fingerprinting and IPsec. Since I'm working on a final project for school right now discussing network security and IPsec, it may be worth me looking into this a bit more!

DLink cloud managed solutions - offer DHCP fingerprinting in basic option

I don't have a lot of details here. I've been sitting on a lot of "OS fingerprinting" notices the past 6 months; I've been so busy with work and school I haven't posted much, but have some time to catch up this weekend.

Anyway, DLink has a cloud based solution that does DHCP OS Fingerprinting; more and more every day seem to finally be catching on to how to use this!

One of many articles can be found here.

OS fingerprinting with IPv6

I was sad to see they didn't go into DHCPv6 at all in this, but the author goes into IPv4 with IPv6 fingerprinting, some of what still works, some possible new stuff.

He did this for his GIAC Gold, maybe I should have used my DHCP presentation for Blackhat and got a Gold Cert on one of the many GIAC certs I hold. Oh well.

Check out the paper here.

ArubaOS 6.0.1.0 adds DHCP fingerprinting

They are using their own DB, but ArubaOS now supports doing DHCP fingerprinting of devices on the network. You can find the writeup here.

It is good to see more products doing this!

My original introduction to them doing this was this blog post:
http://airheads.arubanetworks.com/vBulletin/showthread.php?p=11211

There haven't been a lot of things published on this, but it is something new they've added recently.

Fingerbank presentation at Defcon 19

Ok, I knew Oliver did a presentation on fingerbank, but didn't realize it was recorded.

It can be found here.

I did find it interesting that he said he was introducing fingerbank when we did that back in 2007, but it did die off and they brought it back!

Anyway, check it out if you want.