6902644 2001-08-14 06:09 +0200  /72 lines/ Ofir Arkin <ofir@sys-security.com>
Sent by: joel@lysator.liu.se
Imported: 2001-08-14  20:38  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18761>
Subject: X White Paper Released
------------------------------------------------------------
From: "Ofir Arkin" <ofir@sys-security.com>
To: <bugtraq@securityfocus.com>
Message-ID: <000901c12476$f273f0f0$c30d08d5@godfather>

Hello all,

We are happy to announce the availability of the X white paper.

This follows our release of Xprobe the tool (now version 0.0.1p1). The
White paper explains the reasons, design, techniques used and logic
behind the tool, as well as future directions and thoughts. 


"X is a logic which combines various remote active operating system
fingerprinting methods using the ICMP protocol, which were discovered
during the "ICMP Usage in Scanning" research project, into a simple,
fast, efficient and a powerful way to detect an underlying operating
system a targeted host is using. 

Xprobe is a tool written and maintained by Fyodor Yarochkin
(fygrave@tigerteam.net) and Ofir Arkin (ofir@sys-security.com) that
automates X.

Why X?
X is a very accurate logic. 

Xprobe is an alternative to some tools which are heavily dependent
upon the usage of the TCP protocol for remote active operating system
fingerprinting. This is especially true when trying to identify some
Microsoft based operating systems, when TCP is the protocol being
used with the fingerprinting process. Since the TCP implementation
with Microsoft Windows 2000 and Microsoft Windows ME, and with
Microsoft Windows NT 4 and Microsoft Windows 98/98SE are so close,
usually when using the TCP protocol with a remote active operating
systems fingerprinting process we are unable to differentiate between
these Microsoft based operating system groups.  And this is only an
example.

As we will demonstrate the number of datagrams we need to send and
receive in order to remotely fingerprint a targeted machine with X is
small. Very small. In fact we can send one datagram and receive one
reply and this will help us identify up to eight different operating
systems (or groups of operating systems). The maximum datagrams the
tool will send is four. This is the same number of replies we will
need. This makes Xprobe very fast as well..."

The White paper can be downloaded from:
http://www.sys-security.com/archive/papers/X_v1.0.pdf [~321k]
http://www.sys-security.com/archive/papers/X_v1.0.zip [~169k]

X Homepage:
http://www.sys-security.com/html/projects/X.html

Xprobe Download:
http://www.sys-security.com/archive/tools/X/xprobe-0.0.1p1.tar.gz
[~49k]


Any suggestions and remarks are more than welcome.


Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA


Fyodor Yarochkin 
[fygrave@tigerteam.net]
PGP 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
(6902644) /Ofir Arkin <ofir@sys-security.com>/(Reformatted)