Abstract
The ubiquity of firewalls using Network Address Translation and Port Address Translation (NAT/PAT), stateful inspection, and packet normalization technologies is taking its toll on today’s approaches to operating system fingerprinting. Hence, SinFP was developed attempting to address the limitations of current tools. SinFP implements new methods, like the usage of signatures acquired by active fingerprinting when performing passive fingerprinting. Furthermore, SinFP is the first tool to perform operating system fingerprinting on IPv6 (both active and passive modes). Thanks to its signature matching algorithm, it is almost superfluous to add new signatures to its current database. In addition, its heuristic matching algorithm makes it highly resilient against signatures that have been modified by intermediate routing and/or filtering devices in-between, and against TCP/IP customization methods. This document presents an in-depth explanation of techniques implemented by SinFP tool.
Similar content being viewed by others
References
Net::SinFP 0.92. http://search.cpan.org/~gomor/Net-SinFP-0.92/
Stateful Passive Fingerprinting for Malicious Packet Identification. http://www.andrew.cmu.edu/user/xsk/XenoKovahThesis.pdf
IPv6 Neighbor Discovery Protocol based OS Fingerprinting. http://hal.inria.fr/docs/00/16/99/90/PDF/technical_report_fingerprinting.pdf
A Hybrid Approach to Operating System Discovery using Answer Set Programming. http://ieeexplore.ieee.org/iel5/4258513/4258514/04258556.pdf?tp=&isnumber=&arnumber=4258556
Toward Undetected Operating System Fingerprinting. http://www.usenix.org/events/woot07/tech/full_papers/greenwald/greenwald.pdf
Prise d’empreinte active des systèmes d’exploitation. http://www.gomor.org/bin/view/GomorOrg/Misc7
Internet Protocol (version 6). ftp://ftp.rfc-editor.org/in-notes/rfc2460.txt
Internet Protocol (version 4). ftp://ftp.rfc-editor.org/in-notes/rfc791.txt
SQLite Home Page. http://www.sqlite.org/
Transmission Control Protocol. ftp://ftp.rfc-editor.org/in-notes/rfc793.txt
Remote OS Detection using TCP/IP Fingerprinting (2nd Generation). http://insecure.org/nmap/osdetect/
sinfp—News about SinFP. http://lists.gomor.org/mailman/listinfo/sinfp
Analyse fine: bornes inférieures et algorithmes de calculs d’intersection pour moteurs de recherche. http://www.cs.uwaterloo.ca/~jbarbay/Recherche/Publishing/Publications/these.pdf
Nmap—Free Security Scanner for Network Exploration and Security Audits. http://insecure.org/nmap/
TCP/IP Fingerprinting Methods Supported by Nmap. http://insecure.org/nmap/osdetect/osdetect-methods.html
Net::SinFP 2.06. http://search.cpan.org/~gomor/Net-SinFP-2.06/
SinFP vs Nmap. http://www.computerdefense.org/2006/12/04/sinfp-vs-nmap/
Nmap vs SinFP. http://www.computerdefense.org/2006/12/08/nmap-vs-sinfp/
Introduction and Comparison with Nmap 4.10, Part I. http://www.phocean.net/?p=13
Comparison with Nmap 4.20, Part II. http://www.phocean.net/?p=14
Tips and Tricks. http://www.gomor.org/bin/view/Sinfp/DocTipsAndTricks
SinFP OS fingerprinting tool. http://www.gomor.org/bin/view/Sinfp/WebHome
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Auffret, P. SinFP, unification of active and passive operating system fingerprinting. J Comput Virol 6, 197–205 (2010). https://doi.org/10.1007/s11416-008-0107-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-008-0107-z