K-p0f: A high-throughput kernel passive OS fingerprinter

Jason Barnes; Patrick Crowley

doi:10.1109/ANCS.2013.6665187

K-p0f: A high-throughput kernel passive OS fingerprinter

Jason Barnes
, Patrick Crowley

Department of Computer Science & Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Most critical security vulnerabilities depend on the OS. If a hacker finds a machine with a vulnerable OS, then he can attack the system. Network administrators can defend against OS-specific attacks if they can find vulnerable machines before hackers do, but physically checking or actively scanning a large network can take time and resources. This paper describes a modification of p0f implemented in the Linux kernel, called k-p0f, which is a tool for this problem. This paper describes the design of k-p0f and compares its performance to p0f with both laboratory-generated and real-world traffic.

Original language	English
Title of host publication	ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Publisher	IEEE Computer Society
Pages	113-114
Number of pages	2
ISBN (Print)	9781479916405
DOIs	https://doi.org/10.1109/ANCS.2013.6665187
State	Published - 2013
Event	9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013 - San Jose, CA, United States Duration: Oct 21 2013 → Oct 22 2013

Publication series

Name	ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Conference

Conference	9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013
Country/Territory	United States
City	San Jose, CA
Period	10/21/13 → 10/22/13

Keywords

High-throughput
OS Fingerprinting
p0f
Passive

Access to Document

10.1109/ANCS.2013.6665187

Cite this

Barnes, J., & Crowley, P. (2013). K-p0f: A high-throughput kernel passive OS fingerprinter. In ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems (pp. 113-114). Article 6665187 (ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems). IEEE Computer Society. https://doi.org/10.1109/ANCS.2013.6665187

@inproceedings{4c36bb3b56624354b42a7e283f403c2e,

title = "K-p0f: A high-throughput kernel passive OS fingerprinter",

abstract = "Most critical security vulnerabilities depend on the OS. If a hacker finds a machine with a vulnerable OS, then he can attack the system. Network administrators can defend against OS-specific attacks if they can find vulnerable machines before hackers do, but physically checking or actively scanning a large network can take time and resources. This paper describes a modification of p0f implemented in the Linux kernel, called k-p0f, which is a tool for this problem. This paper describes the design of k-p0f and compares its performance to p0f with both laboratory-generated and real-world traffic.",

keywords = "High-throughput, OS Fingerprinting, p0f, Passive",

author = "Jason Barnes and Patrick Crowley",

year = "2013",

doi = "10.1109/ANCS.2013.6665187",

language = "English",

isbn = "9781479916405",

series = "ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems",

publisher = "IEEE Computer Society",

pages = "113--114",

booktitle = "ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems",

note = "9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013 ; Conference date: 21-10-2013 Through 22-10-2013",

}

Barnes, J & Crowley, P 2013, K-p0f: A high-throughput kernel passive OS fingerprinter. in ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems., 6665187, ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, IEEE Computer Society, pp. 113-114, 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013, San Jose, CA, United States, 10/21/13. https://doi.org/10.1109/ANCS.2013.6665187

K-p0f: A high-throughput kernel passive OS fingerprinter. / Barnes, Jason; Crowley, Patrick.
ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems. IEEE Computer Society, 2013. p. 113-114 6665187 (ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - K-p0f

T2 - 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013

AU - Barnes, Jason

AU - Crowley, Patrick

PY - 2013

Y1 - 2013

N2 - Most critical security vulnerabilities depend on the OS. If a hacker finds a machine with a vulnerable OS, then he can attack the system. Network administrators can defend against OS-specific attacks if they can find vulnerable machines before hackers do, but physically checking or actively scanning a large network can take time and resources. This paper describes a modification of p0f implemented in the Linux kernel, called k-p0f, which is a tool for this problem. This paper describes the design of k-p0f and compares its performance to p0f with both laboratory-generated and real-world traffic.

AB - Most critical security vulnerabilities depend on the OS. If a hacker finds a machine with a vulnerable OS, then he can attack the system. Network administrators can defend against OS-specific attacks if they can find vulnerable machines before hackers do, but physically checking or actively scanning a large network can take time and resources. This paper describes a modification of p0f implemented in the Linux kernel, called k-p0f, which is a tool for this problem. This paper describes the design of k-p0f and compares its performance to p0f with both laboratory-generated and real-world traffic.

KW - High-throughput

KW - OS Fingerprinting

KW - p0f

KW - Passive

UR - https://www.scopus.com/pages/publications/84893485933

U2 - 10.1109/ANCS.2013.6665187

DO - 10.1109/ANCS.2013.6665187

M3 - Conference contribution

AN - SCOPUS:84893485933

SN - 9781479916405

T3 - ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

SP - 113

EP - 114

BT - ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

PB - IEEE Computer Society

Y2 - 21 October 2013 through 22 October 2013

ER -

Barnes J, Crowley P. K-p0f: A high-throughput kernel passive OS fingerprinter. In ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems. IEEE Computer Society. 2013. p. 113-114. 6665187. (ANCS 2013 - Proceedings of the 9th ACM/IEEE Symposium on Architectures for Networking and Communications Systems). doi: 10.1109/ANCS.2013.6665187

K-p0f: A high-throughput kernel passive OS fingerprinter

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this