poster

K-p0f: a high-throughput kernel passive OS fingerprinter

Authors:

Jason Barnes,

Patrick CrowleyAuthors Info & Claims

ANCS '13: Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems

Pages 113 - 114

Published: 21 October 2013 Publication History

Get Access

Abstract

Most critical security vulnerabilities depend on the OS. If a hacker finds a machine with a vulnerable OS, then he can attack the system. Network administrators can defend against OS-specific attacks if they can find vulnerable machines before hackers do, but physically checking or actively scanning a large network can take time and resources. This paper describes a modification of p0f implemented in the Linux kernel, called k-p0f, which is a tool for this problem. This paper describes the design of k-p0f and compares its performance to p0f with both laboratory-generated and real-world traffic.

References

[1]

B Braun, L., Didebulidze, A., Kammenhuber, N., & Carle, G. (2010, November). Comparing and improving current packet capturing solutions based on commodity hardware. In Proceedings of the 10th annual conference on Internet measurement (pp. 206--217). ACM.

Digital Library

Google Scholar

[2]

Lyon, Gordon Fyodor. "Nmap Network Scanning: The Official Nmap Project Guide To Network Discovery And Security Scanning Author: Gordon Fyodor L." (2009): 468.

Digital Library

Google Scholar

[3]

Schultz, Michael J., Ben Wun, and Patrick Crowley. "A Passive Network Appliance for Real-Time Network Monitoring." Architectures for Networking and Communications Systems (ANCS), 2011 Seventh ACM/IEEE Symposium on. IEEE, 2011.

Digital Library

Google Scholar

[4]

Wiseman, C., Turner, J., Becchi, M., Crowley, P., DeHart, J., Haitjema, M., ... & Zar, D. (2008, November). A remotely accessible network processor-based router for network experimentation. In Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems(pp. 20--29). ACM.

Digital Library

Google Scholar

[5]

Zalewski, M. "p0f v3 README", 2012. http://lcamtuf.coredump.cx/p0f3/README

Google Scholar

Index Terms

K-p0f: a high-throughput kernel passive OS fingerprinter
1. Networks
  1. Network services
    1. Network monitoring

Recommendations

The windows of pivate DNS updates

This work is motivated by the observation of one particular type of unwanted traffic -- dynamic DNS updates for private (RFC1918) addresses, which leaks to global network. This spurious traffic not only wastes network resources but also jeopardizes ...
Remote Operating System Classification over IPv6
AISec '15: Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security

Differences in the implementation of common networking protocols make it possible to identify the operating system of a remote host by the characteristics of its TCP and IP packets, even in the absence of application-layer information. This technique, "...
Automated asset discovery in industrial control systems: exploring the problem
ICS-CSR '15: Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research

Vulnerabilities within Industrial Control Systems (ICS) and Critical National Infrastructure (CNI) represent a significant safety, ecological and economical risk to owners, operators and nation states. Numerous examples from recent years are available ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ANCS '13: Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems

October 2013

236 pages

ISBN:9781479916405

General Chair:
Walid A. Najjar
University of California Riverside, USA
,
Program Chairs:
Raj Yavatkar
Intel, USA
,
Scott Rixner
Rice University, USA

Publisher

IEEE Press

Publication History

Published: 21 October 2013

Check for updates

Author Tags

Qualifiers

Poster

Acceptance Rates

Overall Acceptance Rate 88 of 314 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
99
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 17 Nov 2024

Other Metrics

View Author Metrics

Citations

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Index Terms

Recommendations

The windows of pivate DNS updates

Remote Operating System Classification over IPv6

Automated asset discovery in industrial control systems: exploring the problem