IPV6 Host Fingerprint

Abstract

This thesis explores ways of using probe packets to identify the type and version of OS that is run by a remote IPv6 host. Such a probing technique can be effective because developers of different OSes often interpret the guidance provided by the RFCs slightly differently, and consequently their network protocol stack implementation may generate responses bearing unique markers to certain probing packets. The key challenge is to find suitable probing packets for different OSes. Using a real IPv6 test bed, this thesis has evaluated both existing UDP-or-TCP-based and new IPv6- extension-header-based probing packets against a selected set of eight popular OSes. The results show that the UDP/TCP methods are also effective in an IPv6 environment and the extension header approach is worthy further study. There are evidences that OS fingerprinting is harder with IPv6. It might be due to the fact that given the experimental nature of IPv6, similar OSes tend to reuse IPv6 code. This conjecture requires further study. Finally, the thesis has also developed a method of crafting arbitrary IPv6 packets using the SmartBits system.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2006
Accession Number
ADA457353

Entities

People

  • Eleftherios Nerakis

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Network Security
  • Computer Networks
  • Computer Science
  • Computers
  • Computing System Architectures
  • Data Links
  • Detection
  • Environment
  • Graphical User Interface
  • Guidance
  • Network Architecture
  • Network Protocols
  • Network Science
  • Operating Systems
  • Port Scanners
  • Test Beds
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Database Systems and Applications
  • Systems Analysis and Design