Service-Fingerprinting mittels Fuzzing
Service fingerprinting (i.e. the identification of network services and other applications on computing systems) is an essential part of penetration tests. The main contribution of this paper is a study on the improvement of fingerprinting tools. By applying mutation-based fuzzing as a fingerprint g...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Hanspach, Michael Schumann, Ralf Schemmer, Stefan Vandersee, Sebastian |
| description | Service fingerprinting (i.e. the identification of network services and other
applications on computing systems) is an essential part of penetration tests.
The main contribution of this paper is a study on the improvement of
fingerprinting tools. By applying mutation-based fuzzing as a fingerprint
generation method, subtle differences in response messages can be identified.
These differences in response messages provide means for the differentiation
and identification of network services. To prove the feasibility of the
approach, an implementation of a fingerprinting tool for ftp servers is
presented and compared to preexisting fingerprinting tools. As a result of this
study it is shown that mutation-based fuzzing is an appropriate method for
service fingerprinting that even offers advantages over preexisting methods. |
| doi_str_mv | 10.48550/arxiv.1403.0766 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_1403_0766</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1403_0766</sourcerecordid><originalsourceid>FETCH-LOGICAL-a656-b552d1e0e21df9378870820a9fc3d02836c8d9fd6291ff4329e647c0539dd47e3</originalsourceid><addsrcrecordid>eNotzjsLwjAUBeAsDqLuTuLk1nrzTkYRq4LgYPcSmxsJqEisov5662M65yyHj5AhhVwYKWHq0iPecyqA56CV6pLJDtM91pgV8XzAdEnx3LRtfIpNg8fruLi9Xu3uk05wxysO_tkjZbEo56tss12u57NN5pRU2V5K5ikCMuqD5doYDYaBs6HmHpjhqjbeBq-YpSEIziwqoWuQ3HovNPIeGf1uv86q1ZxcelYfb_Xx8jcXJznB</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Service-Fingerprinting mittels Fuzzing</title><source>arXiv.org</source><creator>Hanspach, Michael ; Schumann, Ralf ; Schemmer, Stefan ; Vandersee, Sebastian</creator><creatorcontrib>Hanspach, Michael ; Schumann, Ralf ; Schemmer, Stefan ; Vandersee, Sebastian</creatorcontrib><description>Service fingerprinting (i.e. the identification of network services and other
applications on computing systems) is an essential part of penetration tests.
The main contribution of this paper is a study on the improvement of
fingerprinting tools. By applying mutation-based fuzzing as a fingerprint
generation method, subtle differences in response messages can be identified.
These differences in response messages provide means for the differentiation
and identification of network services. To prove the feasibility of the
approach, an implementation of a fingerprinting tool for ftp servers is
presented and compared to preexisting fingerprinting tools. As a result of this
study it is shown that mutation-based fuzzing is an appropriate method for
service fingerprinting that even offers advantages over preexisting methods.</description><identifier>DOI: 10.48550/arxiv.1403.0766</identifier><language>eng</language><subject>Computer Science - Cryptography and Security ; Computer Science - Networking and Internet Architecture</subject><creationdate>2014-03</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,776,881</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/1403.0766$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.1403.0766$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Hanspach, Michael</creatorcontrib><creatorcontrib>Schumann, Ralf</creatorcontrib><creatorcontrib>Schemmer, Stefan</creatorcontrib><creatorcontrib>Vandersee, Sebastian</creatorcontrib><title>Service-Fingerprinting mittels Fuzzing</title><description>Service fingerprinting (i.e. the identification of network services and other
applications on computing systems) is an essential part of penetration tests.
The main contribution of this paper is a study on the improvement of
fingerprinting tools. By applying mutation-based fuzzing as a fingerprint
generation method, subtle differences in response messages can be identified.
These differences in response messages provide means for the differentiation
and identification of network services. To prove the feasibility of the
approach, an implementation of a fingerprinting tool for ftp servers is
presented and compared to preexisting fingerprinting tools. As a result of this
study it is shown that mutation-based fuzzing is an appropriate method for
service fingerprinting that even offers advantages over preexisting methods.</description><subject>Computer Science - Cryptography and Security</subject><subject>Computer Science - Networking and Internet Architecture</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotzjsLwjAUBeAsDqLuTuLk1nrzTkYRq4LgYPcSmxsJqEisov5662M65yyHj5AhhVwYKWHq0iPecyqA56CV6pLJDtM91pgV8XzAdEnx3LRtfIpNg8fruLi9Xu3uk05wxysO_tkjZbEo56tss12u57NN5pRU2V5K5ikCMuqD5doYDYaBs6HmHpjhqjbeBq-YpSEIziwqoWuQ3HovNPIeGf1uv86q1ZxcelYfb_Xx8jcXJznB</recordid><startdate>20140304</startdate><enddate>20140304</enddate><creator>Hanspach, Michael</creator><creator>Schumann, Ralf</creator><creator>Schemmer, Stefan</creator><creator>Vandersee, Sebastian</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20140304</creationdate><title>Service-Fingerprinting mittels Fuzzing</title><author>Hanspach, Michael ; Schumann, Ralf ; Schemmer, Stefan ; Vandersee, Sebastian</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a656-b552d1e0e21df9378870820a9fc3d02836c8d9fd6291ff4329e647c0539dd47e3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><topic>Computer Science - Cryptography and Security</topic><topic>Computer Science - Networking and Internet Architecture</topic><toplevel>online_resources</toplevel><creatorcontrib>Hanspach, Michael</creatorcontrib><creatorcontrib>Schumann, Ralf</creatorcontrib><creatorcontrib>Schemmer, Stefan</creatorcontrib><creatorcontrib>Vandersee, Sebastian</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Hanspach, Michael</au><au>Schumann, Ralf</au><au>Schemmer, Stefan</au><au>Vandersee, Sebastian</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Service-Fingerprinting mittels Fuzzing</atitle><date>2014-03-04</date><risdate>2014</risdate><abstract>Service fingerprinting (i.e. the identification of network services and other
applications on computing systems) is an essential part of penetration tests.
The main contribution of this paper is a study on the improvement of
fingerprinting tools. By applying mutation-based fuzzing as a fingerprint
generation method, subtle differences in response messages can be identified.
These differences in response messages provide means for the differentiation
and identification of network services. To prove the feasibility of the
approach, an implementation of a fingerprinting tool for ftp servers is
presented and compared to preexisting fingerprinting tools. As a result of this
study it is shown that mutation-based fuzzing is an appropriate method for
service fingerprinting that even offers advantages over preexisting methods.</abstract><doi>10.48550/arxiv.1403.0766</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.1403.0766 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_1403_0766 |
| source | arXiv.org |
| subjects | Computer Science - Cryptography and Security Computer Science - Networking and Internet Architecture |
| title | Service-Fingerprinting mittels Fuzzing |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T01%3A53%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Service-Fingerprinting%20mittels%20Fuzzing&rft.au=Hanspach,%20Michael&rft.date=2014-03-04&rft_id=info:doi/10.48550/arxiv.1403.0766&rft_dat=%3Carxiv_GOX%3E1403_0766%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |