Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
Abstract - Security Symposium - 2000

Defeating TCP/IP Stack Fingerprinting

Matthew Smart, G. Robert Malan, and Farnam Jahanian, University of Michigan


This paper describes the design and implementation of a TCP/IP stack fingerprint scrubber. The fingerprint scrubber is a new tool to restrict a remote user's ability to determine the operating system of another host on the network. Allowing entire subnetworks to be remotely scanned and characterized opens up security vulnerabilities. Specifically, operating system exploits can be efficiently run against a pre-scanned network because exploits will usually only work against a specific operating system or software running on that platform. The fingerprint scrubber works at both the network and transport layers to convert ambiguous traffic from a heterogeneous group of hosts into sanitized packets that do not reveal clues about the hosts' operating systems. This paper evaluates the performance of a fingerprint scrubber implemented in the FreeBSD kernel and looks at the limitations of this approach.
?Need help? Use our Contacts page.

Last changed: 29 Jan. 2002 ml
Technical Program
Conference index