【摘要】 Xprobe2通过模糊矩阵统计分析主动探测数据报对应的ICMP数据报特征,进而探测得到远端操作系统的类型。在分析Xprobe2实现机制的基础上,通过对探测数据报进行检测,并以指定的操作系统特征为模板,对输出ICMP数据报进行伪装,实现防御Xprobe2探测。基于ND IS给出了实现的体系机构,并对事件分离模块和伪装应答模块进行了详细的讨论。测试结果显示,该方案能有效的防御Xprobe2主动探测,实现了对操作系统指纹的伪装。更多还原

【Abstract】 Xprobe2 combines various remote active operating system fingerprinting methods using the ICMP protocol,and it utilizes a matrix based fuzzy logic to analyzing the results produced by various remote active operating system fingerprinting tests.Based on analyzing the mechanism of Xprobe2,this paper describes the design of Anti-xprobe2 which defenses OS fingerprinting detection of Xprobe2 by camouflaging response packets.It also gives the architecture of Anti-xprobe2 and discusses the event separator module and packets camouflage module in detail based on NDIS.The test result displays that this intermediate driver defense the detection of Xprobe2 successfully.更多还原