CVE
- Id
- 453
- CVE No.
- CVE-1999-0454
- Status
- Candidate
- Description
- A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
- Phase
- Proposed (19990728)
- Votes
- MODIFY(1) Frech | NOOP(2) Christey, Wall | REJECT(2) Baker, Northcutt
- Comments
- Northcutt> Nmap and queso are the tip of the iceberg and not the most advanced | ways to accomplish this. To pursue making the world signature free | is as much a vulnerability as having signatures, nay more. | Frech> XF:decod-nmap(2053) | XF:decod-queso(2048) | Christey> Add "fingerprinting" to facilitate search. | Some references: | MISC:http://www.insecure.org/nmap/nmap-fingerprinting-article.html | BUGTRAQ:19981228 A few more fingerprinting techniques - time and netmask | http://marc.theaimsgroup.com/?l=bugtraq&m=91489155019895&w=2 | BUGTRAQ:19990222 Preventing remote OS detection | http://marc.theaimsgroup.com/?l=bugtraq&m=91971553006937&w=2 | BUGTRAQ:20000901 ICMP Usage In Scanning v2.0 - Research Paper | http://marc.theaimsgroup.com/?l=bugtraq&m=96791499611849&w=2 | BUGTRAQ:20000912 Using the Unused (Identifying OpenBSD, | http://marc.theaimsgroup.com/?l=bugtraq&m=96879267724690&w=2 | BUGTRAQ:20000912 The DF Bit Playground (Identifying Sun Solaris & OpenBSD OSs) | http://marc.theaimsgroup.com/?l=bugtraq&m=96879481129637&w=2 | BUGTRAQ:20000816 TOSing OSs out of the window / Fingerprinting Windows 2000 with | http://marc.theaimsgroup.com/?l=bugtraq&m=96644121403569&w=2 | BUGTRAQ:20000609 p0f - passive os fingerprinting tool | http://marc.theaimsgroup.com/?l=bugtraq&m=96062535628242&w=2 | Baker> I think we can probably reject this as the corollary is that you can identify OS from a IP/TCP packet sent by a system, looking at various parts of the SYN packet. Unless we believe that all systems should always use identical packet header/identical responses, in which case the protocol should not permit variation.
