Comparison overview of an active fingerprinting application of the second and the third layer of TCP/IP stack

Authors

  • Volodymyr Mosorov Lodz University of Technology 18\22 Stefanowskiego str., Lodz, Poland, 90-924, Poland
  • Sebastian Biedron Lodz University of Technology 18\22 Stefanowskiego str., Lodz, Poland, 90-924, Poland
  • Taras Panskyi Lodz University of Technology Stefanowskiego str. 18\22, Lodz, Poland, 90-924, Poland https://orcid.org/0000-0002-8152-0395

DOI:

https://doi.org/10.15587/1729-4061.2015.50983

Keywords:

TCP/IP stack layer, data link layer, active fingerprinting

Abstract

Nowadays, computer networks have become as popular as telephone networks fifteen years ago and by the year they are playing ever more important functions in human life. Not only they have created huge opportunities in many areas of life, facilitating communications or obtaining information, but also have provided online entertainment as well. The invention, originally developed for military purposes in one of the darkest periods of human civilization, has become the greatest discovery of the twentieth century, connecting millions of people around the world into one big community. Whatever the differences in size or devices used, a computer network can be defined as a combination of terminal devices, transmission medium, intermediate communication devices and network software (network area). Currently, anyone can build their own network or join the largest of them - the Internet - via a local Internet provider. Unfortunately, the Internet is not only a virtually unlimited source of information, entertainment, communication, and work. Alongside its positive aspects and conveniences it poses numerous risks to uninformed users. This publication aims to cast light on the aspects of the method of sampling operating systems security of network computers, i.e. active fingerprinting of the data link layer and Internet TCP/IP stack layer.

Author Biographies

Volodymyr Mosorov, Lodz University of Technology 18\22 Stefanowskiego str., Lodz, Poland, 90-924

Doctor of Technical Science

Institute of Applied Computer Science

Sebastian Biedron, Lodz University of Technology 18\22 Stefanowskiego str., Lodz, Poland, 90-924

Postgraduate student

Institute of Applied Computer Science

Taras Panskyi, Lodz University of Technology Stefanowskiego str. 18\22, Lodz, Poland, 90-924

Postgraduate student

Institute of Applied Computer Science

References

  1. De Montigny-Leboeuf, A. (2005). A Multi-Packet Signature Approach to Passive Operating System Detection. Communications Research Centre Canada.
  2. Arkin, O. (2001). Active & Passive Fingerprinting of Microsoft based Operating Systems using the ICMP Protocol.
  3. Lloyd, G. G., Tavaris J. T. Evaluating Tests used in Operating System Fingerprinting. LGS Bell Labs Innovations Technical Memorandum TM-071207. Available at: http://alcatel-lucent.de/wps/DocumentStreamerServlet?LMSG_CABINET=LGS_Resources&LMSG_CONTENT_FILE=LGS_White_Papers/GreenwaldThomasTM-071207.pdf
  4. Pallavi, M. TCP/IP STACK Fingerprinting. Raport.
  5. João Paulo, S. M., Agostinho de Medeiros, B. J., Paulo S., Motta, P. (2011). A Qualitative Survey of Active TCP/IP Fingerprinting Tools and Techniques for Operating Systems Identification. 4th International Conference CISIS, 68–75. doi: 10.1007/978-3-642-21323-6_9
  6. Allen, J. M. (2007). OS and Application Fingerprinting Techniques. SANS Institute InfoSec Reading Room.
  7. Templeton, S. J., Levitt, K. E. (2003). Detecting Spoofed Packets. In proceedings of the DARPA Information Survivability Conference and Exposition.
  8. Beverly, R., Berger, A. (2015). Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure via Active Fingerprinting. 16th International Conference, PAM 2015, 149–161. doi: 10.1007/978-3-319-15509-8_12
  9. Auffret, P. (2010). SinFP, Unification Of Active And Passive Operating System Fingerprinting. Journal in Computer Virology, 6 (3), 197–205. doi: 10.1007/s11416-008-0107-z
  10. Arkin, O. (2003). Revolutionizing Active Operating System Fingerprinting The Present & Future of Xprobe2. Sys-Security Group.
  11. Fyodor (2008). Nmap: Scanning the Internet. Black Hat Briefings Defcon 16.
  12. Maurice, C., Onno, S., Neumann, C., Heen, O., Francillon, A. (2013). Improving 802.11 Fingerprinting of Similar Devicesby Cooperative Fingerprinting. SECRYPT 2013, 10th International Conference on Security and Cryptography.
  13. Tomaszewski, M., Szmit, M., Gusta, M. (2005). Haking – Sprzątanie pajęczyn -detekcja nielegalnego współdzielenia łącza. Hakin9, 2, 10.
  14. Sanders, C. (2011). Operating System Fingerprinting with Packets. Available at: http://www.windowsecurity.com/articles-tutorials/intrusion_detection/Operating-System-Fingerprinting-Packets-Part1.html
  15. Shu, G., Lee, D. (2006). Network Protocol System Fingerprinting – A Formal Approach. Proceedings of 25th IEEE International Conference on Computer Communications. doi: 10.1109/infocom.2006.157
  16. Sobolewski, P. (2006). Czy da się oszukać fingerprinting warstwy aplikacji. Hakin9, 6, 15.
  17. Zalewski, M. (2005). Cisza w sieci. Helion, 304.
  18. Arkin, O. (2001). Xprobe - Remote ICMP Based OS Fingerprinting Techniques. Managing Security Architect.
  19. Crowley, D. (2008). Advanced application-level OS fingerprinting: Practical approaches and examples.
  20. Prigent, G., Vichot, F., Harrouet, F. (2010). IpMorph: Fingerprinting spoofing unification. Journal in Computer Virology, 6 (4), 329–342.

Downloads

Published

2015-10-20

How to Cite

Mosorov, V., Biedron, S., & Panskyi, T. (2015). Comparison overview of an active fingerprinting application of the second and the third layer of TCP/IP stack. Eastern-European Journal of Enterprise Technologies, 5(9(77), 53–59. https://doi.org/10.15587/1729-4061.2015.50983

Issue

Vol. 5 No. 9(77) (2015): Information and controlling system

Section

Information and controlling system

License

Copyright (c) 2015 Taras Panskyi, Volodymyr Mosorov, Sebastian Biedron

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.