More in Scanning

• OS detection (stack fingerprinting):

  • probe the TCP/IP stack,because it varies with OS. Requires at least one listening port to make determination. See textbook (pages 69-72) for types of probe.
  • why is it important? There are hacker tools OS and Net device specific. In Linux/UNIX use nmap with -O. You can use the Netcraft site to check the OS of a host running a Web server.
  • countermeasures: standards, filtering requests at firewall.

• OS detection (passive signatures):

  • monitoring the traffic the operating system can be detected, among other things. Siphon is a recent Linux/UNIX tool.
  • Once the OS is identified enumeration can take place (to be seen in next class meeting).

Previous slide

Back to first slide

View graphic version