Toward Undetected Operating System Fingerprinting
Authors
Abstract
Tools for active remote operating system fingerprinting generate many packets and are easily detected by host and network defensive devices such as IDS/NIDS. Since each additional packet increases the probability of detection, it is advantageous to minimize the number of probe packets. We make use of an information-theoretic measure of test quality to evaluate fingerprinting probes and use this evaluation to derive effective probe combinations that minimize probe packets. While the default configuration of Nmap’s second generation operating system detection transmits 16 different probe packets, we demonstrate successful fingerprinting with one to three packets. Furthermore, these packets are valid TCP SYN packets to open ports, which are less likely to be detected as fingerprinting probes than malformed packets or packets that are not part of a valid TCP three-way handshake.
Similar resources
Using Machine Learning Techniques for Advanced Passive Operating System Fingerprinting
TCP/IP fingerprinting is the active or passive collection of information usually extracted from a remote computer’s network stack. The combination of such information can be then used to infer the remote operating system (OS fingerprinting). OS fingerprinting is traditionally based on a database of “signatures”. A signature comprises several features (i.e., pairs attribute/value) extracted from...
New Tool And Technique For Remote Operating System Fingerprinting
Information gathering is an essential part of acute vulnerability assessment, especially when the whole process is automated. In this context, host Operating System detection must be precise, even when networks are well defended. We present an original Operating System detection method, based on temporal response analysis. As a proof of concept, we release the open source tool called RING – for...
Bear – A Resilient Operating System for Scalable Multi-processors
This paper describes a minimalist operating system design aimed at scalable multiprocessor systems whose primary goal is resilience. The design is expressly targeted toward critical military applications for the purpose of operating through failures, errors, and malicious attacks. Lessons learned from several key proof-of-concept components, implemented as Linux kernel modules, are currently be...
Operating System Fingerprinting for Virtual Machines
In computer security field, Operating System fingerprinting (OSF) is the process of identifying the OS variant and version. OSF is considered an important stage to decide security policy enforced on protected Virtual Machine (VM). OSF is also the first step of VM introspection process. Unfortunately, current OSF techniques suffer many problems, such as: they fail badly against modern Operating ...
Blackhat fingerprinting of the wired and wireless honeynet
TCP/IP fingerprinting is a common technique used to detect unique network stack characteristics of an Operating System (OS). Its usage for network compromise is renowned for performing host discovery and in aiding the blackhat to determine a tailored exploit of detected OSs. The honeyd honeynet is able to countermeasure blackhats utilising TCP/IP fingerprinting via host device emulation on a vi...