Passive OS Fingerprinting by DNS Traffic Analysis

Matsunaka, Takashi; Yamada, Akira; Kubota, Ayumu

doi:10.1109/aina.2013.119

Cited by 30 publications

(11 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lippmann et al [8] proposed a method for operating system identification from TCP/IP packet headers and their normalization for use in different networks. these characteristics were complemented by analysis of application layer headers of DNS traffic [9] or update procedures [10] or user-agent field [11]. The following work showed that passive identification is possible even in encrypted traffic [12] and that combination or the approaches [13] can enhance the results in heterogeneous networks.…”

Section: Background and Related Workmentioning

confidence: 99%

Network Monitoring and Enumerating Vulnerabilities in Large Heterogeneous Networks

Laštovička

Husák

Sadlek

2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

In this paper, we present an empirical study on vulnerability enumeration in computer networks using common network probing and monitoring tools. We conducted active network scans and passive network monitoring to enumerate software resources and their version present in the network. Further, we used the data from third-party sources, such as Internet-wide scanner Shodan. We correlated the measurements with the list of recent vulnerabilities obtained from NVD using the CPE as a common identifier used in both domains. Subsequently, we compared the approaches in terms of network coverage and precision of system identification. Finally, we present a sample list of vulnerabilities observed in our campus network. Our work helps in approximating the number of vulnerabilities and vulnerable hosts in large networks, where it is often impractical or costly to perform vulnerability scans using specialized tools, and in situations, where a quick estimate is more important than thorough analysis.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Network Monitoring and Enumerating Vulnerabilities in Large Heterogeneous Networks

Laštovička

Husák

Sadlek

2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

show abstract

“…However, TCP/IP headers can also be used, e.g., for OS fingerprinting. OS can be detected using information from network flows (TTL, SYN packet size, TCP window size, User-Agent) [21], DNS traffic analysis [22], or using combination of previous and prebuilt dictionary such as in p0f tool [23]. Regarding the client identification, remote psychical client fingerprinting using clock skews was described by Kohno et al [24].…”

Section: Related Workmentioning

confidence: 99%

HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting

Husák

Čermák

Jirsík

et al. 2016

EURASIP J. on Info. Security

View full text Add to dashboard Cite

The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshake. The fingerprints of SSL/TLS handshakes, including a list of supported cipher suites, differ among clients and correlate to User-Agent values from a HTTP header. We built up a dictionary of SSL/TLS cipher suite lists and HTTP User-Agents and assigned the User-Agents to the observed SSL/TLS connections to identify communicating clients. The dictionary was used to classify live HTTPS network traffic. We were able to retrieve client types from 95.4 % of HTTPS network traffic. Further, we discussed host-based and network-based methods of dictionary retrieval and estimated the quality of the data.

show abstract

“…The application of this technique to the Web, in particular, has been heavily deliberated as some institutions attempt to use it to track individuals (e.g., for targeted marketing campaigns), and privacy advocates aim to the contrary and to preserve some sense of anonymity online [19]. Given its success on the Web (typically via browser fingerprinting), there have been several other areas where fingerprinting has been applied, including identifying smartphone devices [20] and operating systems (OSs) [5]. The relevance of these contributions is that they highlight the fact that through inadvertently created data, much about devices and user identities can be inferred, thereby having a direct impact on a user's privacy.…”

Section: Related Workmentioning

confidence: 99%

“…By social relationships, we refer to offline associations between individuals, and the features of those associations including strength, and any temporal and spacial constraints. This work expands on research into individual's digital footprints (e.g., [2,5,6]) to look at connections across devices and what they can reveal about social relationships. A key objective for us is to better understand the range of privacy risks accompanying the increasing use of technology.…”

Section: Introductionmentioning

confidence: 98%

Inferring social relationships from technology-level device connections

Nurse

Pumphrey

Gibson−Robinson

et al. 2014

2014 Twelfth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

Technology is present in every area of our lives and, for many, life without it has become unthinkable. As a consequence of this dependence and the extent to which technology devices (computers, tablets and smartphones) are being used for work and social activities, a clear coupling between devices and their owners can now be observed. By coupling, we specifically refer to the fact that information present on a person's device, be it user-generated or created by the native OS, can produce great insight into their life. In this paper, we look to exploit this coupling to investigate whether connections between technology devices recorded in system log-files, can be used to make inferences about the social relationships between device owners. A key motivation here is to better understand and elucidate the privacy risks associated with the digital footprints that we as humans (often inadvertently) create. Our work draws upon Social Network Analysis and basic Computer Forensics to develop and achieve the inference goals. From our preliminary experimentation, we demonstrate that human social relationships can indeed be inferred even within our limited initial scope. To further investigate the level of privacy exposure from technology-level links, we outline a more comprehensive plan of experimentation that will be conducted in future work.

show abstract

Passive OS Fingerprinting by DNS Traffic Analysis

Cited by 30 publications

References 6 publications

Network Monitoring and Enumerating Vulnerabilities in Large Heterogeneous Networks

Network Monitoring and Enumerating Vulnerabilities in Large Heterogeneous Networks

HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting

Inferring social relationships from technology-level device connections

Contact Info

Product

Resources

About