Friday, November 6, 2009

Chapter 5: The Libsf Library

Overview

URL: http://www.packetfactory.net/Projects/libsf

Primary authors: Shawn Bracken and Mike Schiffman

Component type: C language library, remote operating system detection

License: BSD (fingerprints are GPL)

Version profiled: 0.1

Dependencies: libpcap, libnet-1.1.x, libdb-1





Remote OS detection is the family of methods used to discern the OS running on a remote machine. This tool can be extremely useful in the network security practitioner's arsenal. It cuts down on the time and complexity required for penetration testing and network hardening as well as network administration.


Classical remote OS detection techniques involved a variety of high-profile methods such as gleaning OS-related information from banners that network daemons display upon connection or downloading native binaries from a machine (via FTP or HTTP) and determining for which architecture the binary was built. Contemporary remote OS detection techniques are much more surgical in that they involve collecting, collating, and correlating (fingerprinting) specific information inside network packets at the network and transport layer. Libsf is a small library to enable the application programmer to perform contemporary remote OS detection via examination of these different protocol layers, referred to collectively as the network "stack." The library extends this stack fingerprinting functionality across a wide range of platforms.
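The "collect, collate, correlate" idea above, as an added illustration that is not libsf code and does not use libsf's API: a raw IPv4+TCP packet is reduced to a tuple of network-layer (TTL, DF) and transport-layer (window, MSS) fields and matched against a signature table. The signature values and the sample SYN are constructed for the example and are not real operating-system fingerprints.

```c
#include <stdint.h>
#include <string.h>
/* Tuple of network- and transport-layer fields that a stack fingerprinter correlates. */
typedef struct { uint8_t ttl; int df; uint16_t window; uint16_t mss; } stack_fp;
/* Constructed signature table for illustration only; these are NOT real OS fingerprints. */
static const struct { stack_fp fp; const char *label; } sigs[] = {
    { { 64, 1, 5840, 1460 }, "constructed-OS-A" }, { { 128, 1, 8192, 1460 }, "constructed-OS-B" } };

/* Pull the tuple out of a raw IPv4+TCP packet (any IHL / data offset); -1 if malformed. */
int extract_fp(const uint8_t *pkt, size_t len, stack_fp *fp) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return -1;      /* protocol 6 = TCP */
    fp->ttl = pkt[8];
    fp->df  = (pkt[6] & 0x40) != 0;                                /* DF bit of the IP flags */
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || len < ihl + doff) return -1;
    fp->window = (uint16_t)(tcp[14] << 8 | tcp[15]); fp->mss = 0;
    /* Walk TCP options: kind 0 ends the list, kind 1 is a one-byte NOP, the rest are kind,len,data. */
    for (size_t i = 20; i < doff; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;
        if (kind == 1) { i++; continue; }
        if (i + 1 >= doff) return -1;
        uint8_t olen = tcp[i + 1];
        if (olen < 2 || i + olen > doff) return -1;                /* truncated option: reject */
        if (kind == 2 && olen == 4) fp->mss = (uint16_t)(tcp[i + 2] << 8 | tcp[i + 3]);
        i += olen;
    }
    return 0;
}
/* Correlate against the table; TTL is matched to its initial-value class (up to 31 hops below). */
const char *match_fp(const stack_fp *fp) {
    for (size_t k = 0; k < sizeof sigs / sizeof sigs[0]; k++) {
        const stack_fp *s = &sigs[k].fp;
        if (s->df == fp->df && s->window == fp->window && s->mss == fp->mss &&
            fp->ttl <= s->ttl && fp->ttl > s->ttl - 32) return sigs[k].label;
    }
    return NULL;                                                   /* no signature matched */
}
/* Constructed SYN 10.0.0.1 -> 10.0.0.2: TTL 63, DF set, window 5840, MSS option 1460. */
static const uint8_t sample_syn[44] = {
    0x45,0x00,0x00,0x2c, 0x00,0x00,0x40,0x00, 0x3f,0x06,0x00,0x00, 10,0,0,1, 10,0,0,2,
    0x04,0xd2,0x00,0x50, 0,0,0,0, 0,0,0,0, 0x60,0x02,0x16,0xd0, 0,0,0,0, 0x02,0x04,0x05,0xb4 };

const char *classify_sample(void) {
    stack_fp fp;
    return extract_fp(sample_syn, sizeof sample_syn, &fp) == 0 ? match_fp(&fp) : "malformed";
}
```

The same extraction is what a passive sensor does on observed traffic, which is why the parser rejects truncated headers and options rather than trusting the declared lengths.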
