Remote physical device fingerprinting



We introduce the area of remote physical device fingerprinting, or fingerprinting a physical device, as opposed to an operating system or class of devices, remotely, and without the fingerprinted device’s known cooperation. We accomplish this goal by exploiting small, microscopic deviations in device hardware: clock skews. Our techniques do not require any modification to the fingerprinted devices. Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies. Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall, and also when the device’s system time is maintained via NTP or SNTP. One can use our techniques to obtain information about whether two devices on the Internet, possibly shifted in time or IP addresses, are actually the same physical device. Example applications include: computer forensics; tracking, with some probability, a physical device as it connects to the Internet from different public access points; counting the number of devices behind a NAT even when the devices use constant or random IP IDs; remotely probing a block of addresses to determine if the addresses correspond to virtual hosts, e.g., as part of a virtual honeynet; and unanonymizing anonymized network traces.

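I'm not really fond of things like this that undermine anonymity, though.. ;;

There have long been techniques that guess the remote host's OS from the rules by which TCP/IP sequence numbers jump, and such techniques have in fact been used for malicious purposes. After all, the other side's OS, the type of web server, whether a particular account exists on the server, and so on amount to step one of hacking.

Fingerprinting can of course be used in criminal investigations, but it is obvious that it can be used for hacking as well. A double-edged sword, I guess.

It's very interesting that this is fingerprinting that uses the tiny skew of a clock.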
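To make the abstract's idea concrete, here is an added sketch (not code from the paper or from this post) of how a clock skew can be estimated and two observations compared, e.g. for forensic correlation. It assumes the measurer can read some timestamp the device places in its packets; the 100 Hz timestamp resolution, the 10-30 ms delay, the least-squares fit, the 1 ppm tolerance and all function names are assumptions, and the traces are constructed.

```python
# Added illustration: estimate a clock skew from (arrival time, device timestamp)
# pairs and compare two traces. All traces here are constructed, not measured.
import random

def estimate_skew_ppm(samples):
    """Least-squares slope of the observed clock offset over time, in ppm.
    samples: list of (measurer_arrival_s, device_timestamp_s)."""
    t0, d0 = samples[0]
    xs = [t - t0 for t, _ in samples]                # elapsed time at the measurer
    ys = [(d - d0) - (t - t0) for t, d in samples]   # device offset vs. measurer
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6                           # seconds per second -> ppm

def synth_trace(skew_ppm, seed, start=0.0, duration=7200, step=5, hz=100):
    """Constructed trace: a device clock running fast by skew_ppm, timestamps
    quantized to 1/hz seconds, seen through 10-30 ms of one-way delay."""
    rng = random.Random(seed)
    trace = []
    for i in range(duration // step):
        sent = start + i * step                      # true time the packet left
        device = int(sent * (1 + skew_ppm * 1e-6) * hz) / hz
        arrival = sent + 0.010 + rng.uniform(0.0, 0.020)
        trace.append((arrival, device))
    return trace

def same_device(trace_a, trace_b, tolerance_ppm=1.0):
    """True when both traces show the same skew within tolerance_ppm
    (the threshold is an assumption chosen for this constructed data)."""
    diff = estimate_skew_ppm(trace_a) - estimate_skew_ppm(trace_b)
    return abs(diff) <= tolerance_ppm

if __name__ == "__main__":
    monday = synth_trace(50.0, seed=1)                  # device A
    tuesday = synth_trace(50.0, seed=2, start=86400.0)  # device A, a day later
    other = synth_trace(58.0, seed=3)                   # device B
    print(round(estimate_skew_ppm(monday), 2), "ppm")
    print("A vs A later:", same_device(monday, tuesday))
    print("A vs B:", same_device(monday, other))
```

Network delay and timestamp quantization add noise to every individual offset, but the slope over a long enough trace stays stable, which is why the estimate survives distance and a change of address.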

