From:	 "Ofir Arkin" <ofir@sys-security.com>
To:	 <bugtraq@securityfocus.com>
Subject: X White Paper Released
Date:	 Tue, 14 Aug 2001 06:09:11 +0200

Hello all,

We are happy to announce the availability of the X white paper.

This follows our release of Xprobe the tool (now version 0.0.1p1). The
white paper explains the reasons, design, techniques used and logic
behind the tool, as well as future directions and thoughts.


"X is a logic which combines various remote active operating system
fingerprinting methods using the ICMP protocol, which were discovered
during the "ICMP Usage in Scanning" research project, into a simple,
fast, efficient and powerful way to detect an underlying operating
system a targeted host is using.

Xprobe is a tool written and maintained by Fyodor Yarochkin
(fygrave@tigerteam.net) and Ofir Arkin (ofir@sys-security.com) that
automates X.

Why X?
X is a very accurate logic. 

Xprobe is an alternative to some tools which are heavily dependent upon
the usage of the TCP protocol for remote active operating system
fingerprinting. This is especially true when trying to identify some
Microsoft based operating systems, when TCP is the protocol being used
with the fingerprinting process. Since the TCP implementations with
Microsoft Windows 2000 and Microsoft Windows ME, and with Microsoft
Windows NT 4 and Microsoft Windows 98/98SE are so close, usually when
using the TCP protocol with a remote active operating system
fingerprinting process we are unable to differentiate between these
Microsoft based operating system groups. And this is only an example.

As we will demonstrate, the number of datagrams we need to send and
receive in order to remotely fingerprint a targeted machine with X is
small. Very small. In fact we can send one datagram and receive one
reply and this will help us identify up to eight different operating
systems (or groups of operating systems). The maximum number of datagrams
the tool will send is four. This is the same number of replies we will
need. This makes Xprobe very fast as well..."

The white paper can be downloaded from:
http://www.sys-security.com/archive/papers/X_v1.0.pdf [~321k]
http://www.sys-security.com/archive/papers/X_v1.0.zip [~169k]

X Homepage:
http://www.sys-security.com/html/projects/X.html

Xprobe Download:
http://www.sys-security.com/archive/tools/X/xprobe-0.0.1p1.tar.gz [~49k]


Any suggestions and remarks are more than welcome.


Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA


Fyodor Yarochkin 
[fygrave@tigerteam.net]
PGP 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1