Monday, 1 September 2008

Advanced Methods to remotely determine Application Versions

I am speaking at SANS Network Security 2008 in Las Vegas this year. My talk is "Advanced Methods to remotely determine Application Versions". This is being held on Thursday, October 2, from 8:00pm to 9:00pm.

In this I shall be covering a method to determine the DNS application version (and patch level) from a remote server.

The topic is contained in the Abstract:
Statistical and Machine learning techniques make the hiding of information difficult. Statistical methods such as neural network perceptrons and classification algorithms including Random Forest ensembles allow for the determination of software version and patch levels.

These methods can be used to find server versions and patch levels using standard calls to the application server. This appears as standard traffic to the server and does not register as an attack. This bypasses controls (such as the renaming of DNS versions in BIND), allowing an attacker to remotely gather information regarding the patch levels of a system.
