Saturday, June 29, 2013

Patents on OS Fingerprinting - DHCP specifically

I'll admit, I've never looked much into patents and how they work (what protection they give you, how much they are worth, etc.), but I'm curious how one gets one for OS fingerprinting? Specifically on a technology that many people were freely writing about prior to the patent being filed.

Infoblox was one of my last posts after they popped up on a Google alert, and a buddy just sent me a link to this:

http://www.freepatentsonline.com/8458308.html

On Aug 23, 2006 they filed this patent. It took until Jun 4, 2013 for it to be approved, if I read this correctly.

General history on DHCP fingerprinting from what I've found in my research on it over the years and my personal involvement in it:

Dave Hull and George F Willard III publish a paper on it from their research at KU.
Feb 2005 - http://kuscholarworks.ku.edu/dspace/bitstream/1808/584/1/NGDHCP.pdf

Many small spinoff programs start up based on the POC code and info.

March 2005 - I'm sitting in Iraq and find out about it myself for the first time looking through packets with no idea of the paper published the month before.  I was stoked when I first found out about using this technique and was a bit crushed when I found I wasn't the first to have found it.

I publish a general paper on OS fingerprinting and start discussing DHCP fingerprinting in more detail
August 2005 - http://chatteronthewire.org/download/OS%20Fingerprint.pdf

Sometime over the next two years I start working with David LaPorte from the PacketFence project to see if we can get something together to talk about DHCP fingerprinting at Black Hat. We eventually get accepted to present it at BH Japan in 2007:
July 2007 - http://chatteronthewire.org/download/chatter-dhcp.pdf
October 2007 - http://chatteronthewire.org/download/bh-japan-laporte-kollmann-v8.ppt

During the last of my research I found indications that everyone listed so far was at least 2 years behind on this idea when we started talking about it in 2005, since there was a group out of Japan in Feb 2003 that published something on it! Though I never found a translated copy of it at the time, you may be able to order a copy in Japanese here:
"New scheme for passive OS fingerprinting using DHCP message" - Joho Shori Gakkai Kenkyu Hokoku, Feb 2003!

Since 2007 many large companies have finally gotten onto the bandwagon of DHCP fingerprinting, which I'm glad to see. It has taken 10 years since the first papers I'm aware of, and going on 6 years after the BH 2007 event, which seemed to generate a lot of interest. I know this since I had calls and some emails from at least one very large company now doing it and many small companies over the years.

I'm hoping that this patent doesn't cause any issues in the world of using DHCP fingerprinting for OS identification, but only time will tell.
