IpMorph: fingerprinting spoofing unification

10 years 4 months ago
IpMorph: fingerprinting spoofing unification
Abstract. There is nowadays a wide range of TCP/IP stack identification tools that allow to easily recognize the operating system of foreseen targets. The object of this article is to show that fingerprint concealment and spoofing are uniformly possible against different known fingerprinting tools. We present IpMorph, counter-recognition software implemented as a user-mode TCP/IP stack, ensuring session monitoring and on the fly packets re-writing. We detail its operation and use against tools like Nmap, Xprobe2, Ring2, SinFP and p0f, and we evaluate its efficiency thanks to a first technical implementation that already covers most of our objectives. Authors note: The IpMorph software is distributed under the GPLv3 license. This independent project is based on our previous works, and mainly derives from a specific need in the "Hynesim" network architecture simulation project (DGA-CELAR/SSI-AMI government contract,
Guillaume Prigent, Florian Vichot, Fabrice Harroue
Added 23 May 2011
Updated 23 May 2011
Type Journal
Year 2010
Authors Guillaume Prigent, Florian Vichot, Fabrice Harrouet
Comments (0)