Date: Sat, 12 Aug 2006 18:45:26 +0200
From: Thierry Zoller <Thierry@...ler.lu>
To: full-disclosure@...ts.grok.org.uk, news@...uriteam.com, 
	<submissions@...ketsormsecurity.org>
Cc: 
Subject: FYI : Satori - Passive OS fingerprinting,
	revisited



Dear List,
Just posted a bit of information about a tool that (imho) has not seen
the spotlight it deserves. Its name is Satori.


Excerpt from my post :
---------------------------------------------------------------------
I started using this tool last year and it became immediately
obvious to me that this is a great tool to have. Its name is Satori
[1]. If you never heard about it, that's not proof the tool is no
good but rather that its author, Eric Kollmann, does not really seem
to care if you do (or at least doesn't scream it from the top of
every house).

I found out about Satori while reading the paper [2] "Chatter on the Wire"
(from the same author), which goes into great length about passive OS
fingerprinting and its potential for improvement as done by several
other tools. What is interesting is that the paper was not only
theoretical but rather practical; its outcome was Satori, a
beautiful plug-in based passive enumeration and fingerprinting tool.

Satori uses WinPcap and captures packets passively at the NDIS level;
every packet flying by is being scrutinised for information that might
determine its OS. Nothing new here, you might say. Well, Satori does
the fingerprinting on:

DHCP, BOOTP, ICMP, TCP, CDP, EIGRP, HPSP, HSRP, HTTP, ICMP, IPX, SMB,
SNMP, STP, UPNP precisely enough to either correlate the results with
nmap or to rely on them. It makes spotting potentially vulnerable
systems a breeze.

--------------------------------------------------------------------
I'd like to encourage you to submit signatures or even plugins to the
author. He is actively developing it and is very interested in
feedback. [3]

[1] Satori : http://myweb.cableone.net/xnih/mortalx.htm
[2] Chatter on the Wire : http://myweb.cableone.net/xnih/download/OS%20FingerPrint.pdf
[3] Eric Kollmann <xnih13@...il.com>



-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 4813 c403 58f1 1200 7189 a000 7cf1 1200 9f89 a000

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
