Publication:
IPv6 host fingerprint

Loading...
Thumbnail Image
Authors
Nerakis, Eleftherios
Subjects
Advisors
Date of Issue
2006-09
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
This thesis explores ways of using probe packets to identify the type and version of OS that is run by a remote IPv6 host. Such a probing technique can be effective because developers of different OSes often interpret the guidance provided by the RFCs slightly differently, and consequently their network protocol stack implementation may generate responses bearing unique markers to certain probing packets. The key challenge is to find suitable probing packets for different OSes. Using a real IPv6 test bed, this thesis has evaluated both existing UDP-or-TCP-based and new IPv6-extension-header-based probing packets against a selected set of eight popular OSes. The results show that the UDP/TCP methods are also effective in an IPv6 environment and the extension header approach is worthy further study. There are evidences that OS fingerprinting is harder with IPv6. It might be due to the fact that given the experimental nature of IPv6, similar OSes tend to reuse IPv6 code. This conjecture requires further study. Finally, the thesis has also developed a method of crafting arbitrary IPv6 packets using the SmartBits system.
Type
Thesis
Description
Series/Report No
Department
Department of Computer Science
Other Units
Naval Postgraduate School
Identifiers
NPS Report Number
Sponsors
Funder
Format
xiv, 103 p. : ill. (some col.) ;
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections