9.3 Special-Purpose Tools

Previous page
Table of content
Next page
 <  Day Day Up  >  

It is worth noting that there are also special-purpose tools that have been designed to work on individual services. One example of this is used in IDENT fingerprinting. The Identification Protocol (IDENT) provides a means to determine the identity of a user of a particular TCP connection. Given a TCP port number pair, IDENT returns a character string that identifies the owner of that connection on the server's system.

IDENT is a connection-based application on TCP. An IDENT server listens for TCP connections on TCP port 113. Once a connection is established, the IDENT server reads a line of data that specifies the connection of interest. If it exists, the system-dependent user identifier of the connection of interest is sent as the reply. The server may shut down the connection or continue to read and respond to multiple queries.

If you connect to a host's IDENT server, you can determine its type, version, and (occasionally) compilation date. By matching this against an empirical database, you can often predict the target OS. An example of a tool to automate this process is identfp, a Perl tool written by F0bic of Synergy.net.

 <  Day Day Up  >  

Previous page
Table of content
Next page
Security Warrior
Security Warrior
ISBN: 0596005458
EAN: 2147483647
Year: 2004
Pages: 211
Authors: Cyrus Peikari, Anton Chuvakin
BUY ON AMAZON
Software Configuration Management
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Network Security Architectures
The Java Tutorial: A Short Course on the Basics, 4th Edition
PMP Practice Questions Exam Cram 2
Special Edition Using FileMaker 8
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy