[ntp:questions] Re: Fingerprinting hosts by clock skew
mayer at gis.net
Wed Mar 9 23:02:06 UTC 2005
----- Original Message Follows -----
> At 4:52 PM -0500 2005-03-09, mayer at gis.net wrote:
>
> > It's not worth bothering with all this. I've seen code that uses two
> > or three ICMP messages to fingerprint your system and tell exactly
> > what you're running for O/S and hardware. You don't even need to
> > worry about the clock. It can tell just by looking at how it
> > handles the message.
>
> I know about nmap, and I have some idea of how it works. One
> problem is that a lot of places block ICMP, and many host-level
> firewalling implementations will do the same. Operating systems like
> OpenBSD will randomize certain aspects of any response packets that
> do get sent back, and the result will be a machine that will be
> difficult or impossible to determine what they're running.
>
This technique has nothing to do with nmap. It's something else
entirely.
Unfortunately I don't remember any of the details.
Danny