Chapter 12. Stack Data Leaks

Yet another short story on where to find what we did not intend to send out at all

Sometimes, all it takes to find subtle but fascinating and helpful hints about your co-Netizens and their whereabouts is some luck. At least that was the case with a fairly interesting and extremely elusive information disclosure vector that I discovered in 2003, after several weeks of a daunting hunt.

Kristjan’s Server

First things first. Several years ago, I asked a friend of mine, Kristjan, to let me use some disk space on one of his machines so that I could host a bunch of my projects on a reliable and fast system. He agreed, and soon after, I began to gradually move most of my programs and papers to their new home. Among the projects I transferred was a new version of p0f, my passive operating system fingerprinting tool (which you may remember from Chapter 9). This humble tool implemented some interesting passive analysis techniques, but to be truly powerful, it needed to ship with a strong and current database of operating system signatures. Maintaining it manually was difficult, and I soon ran out of obscure systems to fingerprint and add to it.

Fortunately, whereas gathering signatures for active fingerprinting software required often objectionable interaction with the target (stirring controversy and straining the network link and sometimes crashing particularly poorly implemented TCP/IP stacks), passive fingerprinting required no such action and could be performed effortlessly on all systems that connected to Kristjan’s system to fetch my page. To encourage submissions, I set up a subpage where any user could immediately see their fingerprint and correct the way their system was being reported or add a new signature. This page proved to be a great way to collect signatures and improve the software, but this is not where the story ends.

In a bizarre turn of events, Kristjan decided to host a different, for-profit site on his system so that his system could pay its own bills. The site, as you might imagine, was not at all devoted to network security, gardening, or some other noble cause. Rather, it focused on some less prestigious, yet perhaps more appealing aspects of our lives: sex, nudity, and everything related. I rejoiced, as any self-respecting geek would, not because of the contents he served, but because millions of connection signatures started pouring down in a matter of hours, to be analyzed by the software I was developing. Hallelujah!
