More in Scanning
OS detection (stack fingerprinting):
- probe the TCP/IP stack, because its behavior varies with the OS. Requires at least one listening port to make a determination. See textbook (pages 69-72) for types of probe.
- why is it important? Many hacker tools are specific to an OS or network device. On Linux/UNIX, use nmap with -O. You can use the Netcraft site to check the OS of a host running a Web server.
- countermeasures: standards, filtering requests at the firewall.
OS detection (passive signatures):
- by monitoring the traffic, the operating system can be detected, among other things. Siphon is a recent Linux/UNIX tool.
- once the OS is identified, enumeration can take place (to be seen in next class meeting).
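
The header fields a passive tool reads from monitored traffic, as an added Python example (not from the course notes or from Siphon): it parses one constructed SYN packet and compares the guessed initial TTL and TCP option order against a small signature table. The table entries, their labels and all function names are assumptions made for illustration.

```python
import struct

# Constructed sample: raw IPv4 + TCP SYN (no link-layer header, checksums zeroed).
SAMPLE_SYN = bytes.fromhex(
    "4500003c1c46400040060000c0000268c0000201"  # IPv4: DF set, TTL 64, TCP
    "d4310050a1b2c3d400000000a002faf000000000"  # TCP: SYN, window 64240
    "020405b40402080a0000000100000000"          # MSS 1460, SACK-permitted, timestamp
    "01030307")                                 # NOP, window scale 7

# Illustrative table only (an assumption), keyed by (initial TTL, option kinds).
SIGNATURES = {(64, (2, 4, 8, 1, 3)): "Linux-like stack",
              (128, (2, 1, 3, 1, 1, 4)): "Windows-like stack"}

def tcp_options(opts):
    """Walk the TCP option list; return (kinds in order, MSS, window scale)."""
    kinds, mss, wscale, i = [], None, None, 0
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the list
        kind = opts[i]
        length = 1 if kind == 1 else (opts[i + 1] if i + 1 < len(opts) else 0)
        if kind != 1 and not 2 <= length <= len(opts) - i:
            raise ValueError("malformed TCP option")
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            wscale = opts[i + 2]
        kinds.append(kind)
        i += length
    return tuple(kinds), mss, wscale

def syn_features(pkt):
    """Extract the header fields a passive fingerprinter compares."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    flags_frag, ttl = struct.unpack("!HB", pkt[6:9])
    off_flags, window = struct.unpack("!HH", pkt[ihl + 12:ihl + 16])
    doff = (off_flags >> 12) * 4
    if (off_flags & 0x12) != 0x02 or doff < 20 or ihl + doff > len(pkt):
        raise ValueError("not a well-formed initial SYN")
    kinds, mss, wscale = tcp_options(pkt[ihl + 20:ihl + doff])
    start = next(t for t in (32, 64, 128, 255) if ttl <= t)  # guessed initial TTL
    return {"initial_ttl": start, "hops": start - ttl, "df": bool(flags_frag & 0x4000),
            "window": window, "mss": mss, "wscale": wscale, "options": kinds}

def guess_os(pkt):
    """Look the extracted features up in the illustrative table."""
    f = syn_features(pkt)
    return SIGNATURES.get((f["initial_ttl"], f["options"]), "unknown")
```

Nothing is sent to the observed host, so request filtering at the firewall does not stop this kind of identification.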