On Wed, 25 Sep 2002 10:33:52 +0200, "supermac2(_at_)inwind(_dot_)it"
<supermac2(_at_)inwind(_dot_)it> said:
I'm Marco from Italy and I'm working on a security LAN project.
I have to analyze all the hosts on my ethernet relying on their
broadcast packets.
If a tree doesn't fall in the forest, what sound doesn't it make?
(Think about it - if a machine doesn't drop a broadcast packet, or not
enough to analyze, what do you do?)
Where can I find a list of broadcast packets sent by all Operating
Sysyems??
A better approach would be to ask "What services use broadcast packets"
and then ask what systems implement that service. Also, you may want to
think about the following question:
How do you distinguish between a Microsoft Windows system issuing a broadcast
packet on port 139, and a Linux system running Samba issuing the same packet
on port 139?
You might want to ask yourself exactly what you're trying to accomplish by
trying to fingerprint systems based only on broadcast packets? What problem
will you solve by doing this? Is this just a "see if it can be done" project,
or are you really expecting to get a major gain from it? If so, what gain
are you expecting?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
pgpPsBUlRAh6P.pgp
Description: PGP signature