Sunday, July 11, 2004: 4:00 pm (Area "B"): Sun Tzu once stated "Know your enemy and know yourself, and in a hundred battles you will never be defeated." By denying outsiders information about our systems and software, we make it more difficult to mount successful attacks. There are a wealth of options for OS-fingerprinting today, evolving from basic TCP-flag mangling tools such as Queso, through the ICMP quirk-detection of the original Xprobe and the packet timing analysis of RING, to today's suite of multiple techniques employed by nmap. The ultimate advantage in the OS-detection game lies with the defender, however, as it is they who control what packets are sent in response. Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and configurable, and will frustrate current state-of-the-art OS fingerprinting. This presentation will discuss the current techniques used for OS fingerprinting and how to frustrate them. There will be a live demo, and Morph v0.2 will be released with this talk.

Hosted by Kathy Wang