Abstract - Security Symposium - 2000
Defeating TCP/IP Stack Fingerprinting
Matthew Smart, G. Robert Malan, and Farnam Jahanian, University of Michigan
Abstract
This paper describes the design and implementation of a TCP/IP stack
fingerprint scrubber.
The fingerprint scrubber is a new tool to restrict a remote user's ability
to determine
the operating system of another host on the network.
Allowing entire subnetworks to be remotely scanned and characterized
opens up security vulnerabilities.
Specifically, operating system exploits can be efficiently run
against a pre-scanned network
because exploits will usually only work against a specific operating system
or software running on that platform.
The fingerprint scrubber works at both the
network and transport layers to convert ambiguous traffic from a
heterogeneous group of hosts into sanitized packets that do not
reveal clues about the hosts' operating systems. This paper evaluates the
performance of a fingerprint scrubber implemented in the FreeBSD kernel
and looks at the limitations of this approach.
|