OS fingerprinting: os fingerprinting refers to detection of
target computer operation system.
Since different operating system
responds differently to the same kind of ICMP message it is very important for
an attacker to determine the exact operating system running on target system.
Also attacker can carry out attacks by
taking over the vulnerabilities/bugs found in that particular operating system.
There are four areas that we will look
at to determine the operating system.
1. TTL
– what the operating system sets the time to live on the outbound packet.
2. Window
size – what the operating system sets the window size at.
3. DF
– does the operating system set the don’t fragment bit.
4. TOS
– does the operating system set the type of service and if so at what.
There are two different types of OS fingerprinting
technique –
Active OS Fingerprinting – remote active operating system fingerprinting
is the process of actively determining a targeted network nods underlying
operating system by probing the targeted system with several packets and examining
the response or lack thereof received?
The traditional
approach is to examine the TCP/IP stack behavior (IP, TCP, UDP and ICMP
protocols)
of a targeted network element when probed with several legitimate
and malformed packets.
Passive OS fingerprinting- passive fingerprinting is based on sniffer
traces from the remote system. Instead of actively querying the remote system
all you need to do is capture packets you can determine the operation system of
the remote host.
Just like in active fingerprinting passive fingerprinting is
based on the principle that every operation systems IP stack has its own
idiosyncrasies. By analyzing sniffer traces and identifying these differences
you may be able determine the operating system of the remote host.
0 comments:
Post a Comment