TCP/IP stack fingerprinting: Difference between revisions

Changed Link "IDS" (ambiguous) to "Intrusion Detection System" (definite)
No edit summary
'''OS fingerprinting''' is a process of determining the [[operating system]] used by the remote target.
 
There are two types of OS fingerprinting: '''Active OS fingerprinting''' and '''Passive OS fingerprinting'''.
 
== Passive OS Fingerprinting ==
Passive fingerprinting is undetectable by an [[Intrusion detection system|IDS]] on the network. A passive fingerprinter (a person or an application) does not send any data across the network (wire); because of this it is undetectable. The downside to passive fingerprinting is that the fingerprinter must be on the same [[Ethernet hub|hub]] as the other servers and clients in order to capture any packets on the wire.
 
[[Image:passive figure.png]]
 
== Active Fingerprinting Methods ==
TCP Stack Querying:
* [[Internet Control Message Protocol|ICMP]]
* [[Transmission Control Protocol|TCP]]
* [[Simple Network Management Protocol|SNMP]]

Banner Grabbing:
* [[File Transfer Protocol|FTP]]
* [[TELNET]]
* [[Hypertext Transfer Protocol|HTTP]]

Port Probing
 
== Protecting and Detecting Against Fingerprinting ==
Block all unnecessary outgoing ICMP traffic, especially unusual types such as address mask and timestamp, and also block any [[ICMP Echo Reply|ICMP echo replies]]. Watch for excessive TCP SYN packets.
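As an added example (not part of the article), the two checks this section recommends expressed as detection logic in Python over a constructed packet-summary log: flag sources that send excessive bare SYNs, and list the outbound ICMP replies (echo, timestamp, address mask) that an egress filter should have stopped. The log format, host addresses and threshold are assumptions; the ICMP type numbers are RFC 792 values not stated on the page.

```python
from collections import defaultdict

LEAKY_OUTBOUND_ICMP = {0, 14, 18}  # echo, timestamp, address mask replies (RFC 792 types)

# Constructed packet summary "ts src dst proto detail"; detail = TCP flags (S, SA) or ICMP type.
SAMPLE_LOG = """\
1.0 203.0.113.9 10.0.0.10 TCP S
1.2 203.0.113.9 10.0.0.10 TCP S
1.4 203.0.113.9 10.0.0.10 TCP S
1.6 203.0.113.9 10.0.0.10 TCP S
1.8 203.0.113.9 10.0.0.10 TCP S
2.0 10.0.0.7 10.0.0.10 TCP S
2.1 10.0.0.10 10.0.0.7 TCP SA
3.1 10.0.0.10 203.0.113.9 ICMP 14
3.3 10.0.0.10 203.0.113.9 ICMP 0
"""

def parse_records(text):
    """Parse summary lines into dicts; the ICMP detail becomes an int type."""
    records = []
    for line in text.splitlines():
        ts, src, dst, proto, detail = line.split()
        detail = int(detail) if proto == "ICMP" else detail
        records.append(dict(ts=float(ts), src=src, dst=dst, proto=proto, detail=detail))
    return records

def excessive_syn_sources(records, threshold=5, window=10.0):
    """Sources that sent >= threshold bare SYNs within any window of seconds."""
    syn_times = defaultdict(list)
    for r in records:
        if r["proto"] == "TCP" and r["detail"] == "S":  # SYN without ACK
            syn_times[r["src"]].append(r["ts"])
    flagged = set()
    for src, times in syn_times.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged

def outbound_icmp_to_block(records, local_prefix):
    """(src, type) pairs of leaky ICMP replies leaving the local network."""
    return sorted({(r["src"], r["detail"]) for r in records
                   if r["proto"] == "ICMP" and r["src"].startswith(local_prefix)
                   and r["detail"] in LEAKY_OUTBOUND_ICMP})
```

Run against real capture summaries, a non-empty result from `outbound_icmp_to_block` means the egress ICMP filter is not doing what this section asks for.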
 
== Fingerprinting Tools ==
 
[[Nmap]] is a tool that performs active TCP/IP stack fingerprinting.
 
* [http://lcamtuf.coredump.cx/newtcp/ Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later]
 
 
----
{{compu-network-stub}}