Document Type
Conference Proceeding
Publisher
Edith Cowan University
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science
RAS ID
3076
Abstract
TCP/IP fingerprinting is a common technique used to detect unique network stack characteristics of an Operating System (OS). Its usage for network compromise is renowned for performing host discovery and for aiding the blackhat in determining a tailored exploit for detected OSs. The honeyd honeynet is able to counter blackhats utilising TCP/IP fingerprinting via host device emulation on a virtual network. Honeyd allows the creation of host personalities that respond to network stack fingerprinting as a real network would. The nature of this technique, however, has been shown to provide inconsistent and unreliable results when performed over wired and wireless network mediums. This paper presents ongoing research into the TCP/IP fingerprinting capabilities of the popular host discovery tool Network Mapper (NMAP) on the honeyd honeynet. The forensic analysis of raw packet captures allowed the researcher to identify differences in the modus operandi and outcomes of fingerprinting over the two mediums. The results of this exploratory study show the process of discovery to uncover how TCP/IP fingerprinting with NMAP and honeyd needs to be tested for effective network countermeasure.
Access Rights
free_to_read
Comments
Yek, S. (2005). Blackhat fingerprinting of the wired and wireless honeynet. Proceedings of the 3rd Australian Computer, Network and Information Forensics Conference. (pp. 115-125). Perth, WA: Edith Cowan University.