Return to search

Fingerprinting Encrypted Tunnel Endpoints

Operating System fingerprinting is a reconnaissance method used by Whitehats and Blackhats alike. Current techniques for fingerprinting do not take into account tunneling protocols, such as IPSec, SSL/TLS, and SSH, which effectively `wrap` network traffic in a ciphertext mantle, thus potentially rendering passive monitoring ineffectual. Whether encryption makes VPN tunnel endpoints immune to fingerprinting, or yields the encrypted contents of the VPN tunnel entirely indistinguishable, is a topic that has received modest coverage in academic literature. This study addresses these question by targeting two tunnelling protocols: IPSec and SSL/TLS. A new fingerprinting methodology is presented, several fingerprinting discriminants are identified, and test results are set forth, showing that endpoint identities can be uncovered, and that some of the contents of encrypted VPN tunnels can in fact be discerned. / Dissertation (MSc (Computer Science))--University of Pretoria, 2005. / Computer Science / unrestricted

Identiferoai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:up/oai:repository.up.ac.za:2263/25351
Date09 June 2005
CreatorsIzadinia, Vafa Dario
ContributorsKourie, Derrick G., Eloff, Jan H.P., vafa@cs.up.ac.za
PublisherUniversity of Pretoria
Source SetsSouth African National ETD Portal
Detected LanguageEnglish
TypeDissertation
Rights© 2005, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.

Page generated in 0.0035 seconds