Saturday, 13 September 2008

For those at SANS NS 2008

I am offering a presentation on the Thursday night (2nd Oct).

Advanced Methods to remotely determine Application Versions
Thursday, October 2 * 8:00pm - 9:00pm

Statistical and Machine learning techniques make the hiding of information difficult. Statistical methods such as neural network perceptrons and classification algorithms including Random Forest ensembles allow for the determination of software version and patch levels.

These methods can be used to find server versions and patch levels using standard calls to the application server. This appears as standard traffic to the server and does not register as an attack. This bypasses controls (such as the renaming of DNS versions in Bind) allowing an attacker to remotely gather information regarding the patch levels of a system.

If you are there, I will be presenting a way to determine the version and patch level of most DNS Servers available and running today that places no reliance on the host headers and version information.

No comments: