Date: Tue, 17 Oct 2006 23:27:01 -0400
On Thu, 28 Sep 2006 09:29:40 -0400, Brad Kramer <[log in to unmask]> wrote:
>This uses tcp/ip fingerprinting to detect the OS in a passive role...

A reasonably smart computer science student can easily bypass that. There is
a tool called security cloak, which changes the TCP parameters to match one
of 21 different operating systems.
We have used that to design a little program to bypass the CCA client
installation and automate the login.
See http://www.securityfocus.com/archive/1/444424/30/0/threaded
The previous "detection method", using the browser user-agent string, was,
quite frankly, brain-dead. Anybody using the browser user-agent string for
anything is stuck in the mid-90s.
In my opinion, CCA is inherently flawed. It relies on whatever the client
reports, and anybody who has ever done client-server development knows that
the server should never trust anything that the client sends.
Using Nessus, btw, doesn't change that. I can put a $30 Linux-based router
in front of a Windows machine, and Nessus will detect it perfectly as a
Linux box.
I only found this list through a Wikipedia article on CCA, and I am actually
surprised that there seems to be complete ignorance of this vulnerability
here. Shouldn't network admins subscribe to lists like Bugtraq to stay
informed about threats to their networks?