Passive OS Fingerprinting on Commodity Switches

Sherry Bai, Hyojoon Kim, Jennifer Rexford

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Operating System (OS) fingerprinting allows network administrators to identify which operating systems are running on the hosts communicating over their network. This information is useful for detecting OS-specific vulnerabilities and for administering OS-related security policies that block, rate-limit, or redirect traffic. Passive fingerprinting can identify hosts' OS types without active probes that introduce additional network load. However, existing software-based passive fingerprinting tools cannot keep up with the traffic in high-speed networks. This paper presents P40f, a tool that runs on programmable switch hardware to perform OS fingerprinting and apply security policies at line rate. Unlike p0f, P40f can fingerprint devices' OS types and react to them (e.g., drop, rate-limit) in real time directly in the switch, without requiring any control-plane messages. P40f is a P4 implementation of an existing software tool, p0f. We present our prototype implemented with the P4 language, which compiles and runs on the Intel Tofino switch. We present experiments against packet traces from a real campus network, and make our code publicly available.

Original language: English (US)
Title of host publication: Proceedings of the 2022 IEEE International Conference on Network Softwarization
Subtitle of host publication: Network Softwarization Coming of Age: New Challenges and Opportunities, NetSoft 2022
Editors: Alexander Clemm, Guido Maier, Carmen Mas Machuca, K.K. Ramakrishnan, Fulvio Risso, Prosper Chemouil, Noura Limam
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 264-268
Number of pages: 5
ISBN (Electronic): 9781665406949
State: Published - 2022
Event: 8th IEEE International Conference on Network Softwarization, NetSoft 2022 - Milan, Italy
Duration: Jun 27 2022 – Jul 1 2022

Publication series

Name: Proceedings of the 2022 IEEE International Conference on Network Softwarization: Network Softwarization Coming of Age: New Challenges and Opportunities, NetSoft 2022

Conference

Conference: 8th IEEE International Conference on Network Softwarization, NetSoft 2022
Country/Territory: Italy
City: Milan
Period: 6/27/22 – 7/1/22

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software
  • Information Systems and Management
