Title

Investigating the Accuracy of Wired and Wireless TCP/IP Fingerprinting on Honeyd

Document Type

Journal Article

Publisher

School of Computer and Information Science

Faculty

Computing, Health and Science

School

Computing, Health and Science

RAS ID

4730

Comments

This article was originally published as: Yek, S. (2006). Investigating the Accuracy of Wired and Wireless TCP/IP Fingerprinting on Honeyd. Journal of Information Warfare, 5(1).

Abstract

TCP/IP fingerprinting is a technique used to identify the unique network stack characteristics of an Operating System (OS) and may identify a digital device by its version, vendor and operating platform. The popular network scanning tool Network Mapper (NMAP) employs TCP/IP fingerprinting to discover hosts to a high degree of granularity from the manipulation of flag settings in packets. In this research, the honeyd honeynet was configured to test the accuracy of NMAP OS name resolution over a wired and wireless medium. The results indicated how the TCP/IP spoofing capabilities of honeyd could be a realistic network countermeasure.