CS 3952 Technical Writing

Operating System Fingerprinting
White Paper

B.K.U.R. Nawaratne   090348E
W. P. R. M. Perera   090390A

Introduction to Cyber Security

We use computers for everything from space exploration to shopping and communicating
with friends through email or chat programs. Although you may not consider your
communications highly confidential, you probably do not want strangers reading
your email, using your computer to attack other systems, sending forged email from your
computer, or examining personal information stored on your computer.

Intruders may not care about your identity. Often they want to gain control of your computer
so they can use it to launch attacks on other computer systems. Having control of your
computer gives them the ability to hide their true identity as they launch attacks, often against
high-profile computer systems such as government or financial systems. Even if you have a
computer connected to the Internet only to play games or to send emails to friends and family,
your computer may be a target.

One of the many techniques attackers use to compromise your computer is Operating
System Fingerprinting. Operating System (OS) fingerprinting is the process of learning what
operating system is running on a target device.

According to Wikipedia,

“TCP/IP stack fingerprinting (or OS fingerprinting) is the process in computing of determining
the identity of a remote host’s operating system by analyzing packets from that host.”


Why OS Fingerprinting?

When an attacker is trying to hack into any computer, he starts by gathering as much information
about the target computer as possible. A key piece of information is the operating system the
target is running. As long as this information is not revealed, the attacker is limited in the
variety of attacks, probes and exploits available. Therefore the focus of initial information gathering is
finding out the operating system.

There are several approaches to finding out the running operating system of an unknown host
without having an account or any other way of logging in directly on that machine. Some of the
many OS fingerprinting techniques are:

   1. Direct Banner Grabbing (Classical Fingerprinting)
   2. Active IP Packet Fingerprinting
   3. Passive IP Packet Fingerprinting

Classical Fingerprinting

Even without using any automated techniques, hosts will often announce their OS
to anyone making a connection to them through welcome banners or header information. For
example, when connecting to a host via the standard Telnet protocol the OS version is often
sent to the client as part of a welcome message.

Example from “Techniques in OS-Fingerprinting” by Nostromo:

On UNIX-like platforms, using the Telnet protocol:

   root@nostromo# telnet mail.fh-hagenberg.at 143
   Trying 193.170.124.96...
   Connected to postman.fh-hagenberg.at.
   Escape character is '^]'.
   * OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7226.0 (postman.fhs-hagenberg.ac.at) ready.

When analyzing the output, a lot of information is revealed by the single line that was
returned by the server. Now it is up to an attacker to find an exploit for this specific version of
Microsoft Exchange Server 2003.


Active IP Packet Fingerprinting

Active operating system fingerprinting is the method of actively determining a targeted
network node’s underlying operating system by probing the targeted system with several
packets and examining the responses. The traditional approach is to examine the TCP/IP stack
behavior (IP, TCP, UDP, and ICMP protocols) of a targeted network element when it is probed with
several legitimate packets.

This technique can be automated using the “nmap” software tool.

According to “Techniques in OS-Fingerprinting” published by Nostromo:

“nmap begins its OS detection by sending an ICMP ping request to the target. Then it connects
to port 80 (HTTP) to see if the target is responding and running at all. Then nmap does the
actual portscan, searching for at least one open (an application listening and waiting for
connections) and one closed (no application is listening on this specific port) port. To gain exact
information about the underlying OS nmap sends several specially crafted TCP packets and
records the replies. It then makes a lookup in the OS-detection fingerprint file and detects the
Operating System which the target is running on.”
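
The sequence quoted above (a ping, a port sweep that must find both an open and a closed port, then crafted TCP packets) is also what a defender can look for in connection logs. The detector below is an added example, not from the paper or from nmap; the key=value log format, the addresses and the thresholds are constructed for this example.

```python
"""Detect the active OS-detection pattern described above in a connection log:
an ICMP echo request, a port sweep that hits both open and closed ports, and
TCP segments whose flag combinations do not occur in normal traffic.
Added example; the log format, hosts and thresholds are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: one host sweeping 192.0.2.10, one host browsing it.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z src=203.0.113.5 dst=192.0.2.10 proto=icmp type=8
2024-03-01T09:00:01Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=80 flags=S result=open
2024-03-01T09:00:02Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=22 flags=S result=open
2024-03-01T09:00:02Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=23 flags=S result=closed
2024-03-01T09:00:03Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=25 flags=S result=closed
2024-03-01T09:00:03Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=110 flags=S result=closed
2024-03-01T09:00:04Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=143 flags=S result=closed
2024-03-01T09:00:05Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=22 flags=SF result=open
2024-03-01T09:00:05Z src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=23 flags= result=closed
2024-03-01T09:10:00Z src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=80 flags=S result=open
2024-03-01T09:10:01Z src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443 flags=S result=open
"""


def parse_line(line):
    """Turn 'TIMESTAMP key=value ...' into a dict with a datetime under 'ts'."""
    ts_str, _, rest = line.partition(" ")
    event = dict(token.split("=", 1) for token in rest.split())
    event["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return event


def flags_are_pathological(flags):
    """A real connection attempt carries SYN, ACK or RST. A segment with none
    of them, or with SYN and FIN set together, is not produced by a normal
    stack and is typical of stack-probing tools."""
    bits = set(flags)
    return not (bits & {"S", "A", "R"}) or {"S", "F"} <= bits


def detect_os_detection_scans(log_text, window=timedelta(seconds=60), min_ports=5):
    """Return one finding per source whose traffic, inside `window`, shows an
    ICMP echo request plus a sweep touching at least `min_ports` ports with
    both open and closed results (the precondition nmap's OS detection needs)."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_src[event["src"]].append(event)

    findings = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):  # sliding window over time
            deadline = first["ts"] + window
            icmp_echo = False
            open_ports, closed_ports, bad_flags = set(), set(), 0
            for event in events[i:]:
                if event["ts"] > deadline:
                    break
                if event["proto"] == "icmp" and event.get("type") == "8":
                    icmp_echo = True
                elif event["proto"] == "tcp":
                    port = int(event["dport"])
                    (open_ports if event.get("result") == "open" else closed_ports).add(port)
                    if flags_are_pathological(event.get("flags", "")):
                        bad_flags += 1
            ports = open_ports | closed_ports
            if icmp_echo and open_ports and closed_ports and len(ports) >= min_ports:
                findings.append({
                    "src": src,
                    "ports": sorted(ports),
                    "open": sorted(open_ports),
                    "closed": sorted(closed_ports),
                    "pathological_packets": bad_flags,
                })
                break  # one finding per source is enough for an alert
    return findings


if __name__ == "__main__":
    for finding in detect_os_detection_scans(SAMPLE_LOG):
        print(f"possible OS-detection scan from {finding['src']}: "
              f"ports={finding['ports']} open={finding['open']} "
              f"closed={finding['closed']} malformed={finding['pathological_packets']}")
```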


Passive IP Packet Fingerprinting

Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively
querying the remote system, all it needs to do is capture packets sent by the remote system.
Based on the sniffer traces of these packets, you can determine the operating system of the
remote host. Just like active fingerprinting, passive fingerprinting is based on the principle
that every operating system's IP stack has its own individual characteristics. By analyzing sniffer
traces and identifying these differences, you may be able to determine the operating system of
the remote host.

“Ettercap” is a package that is available for most common operating systems (Windows, Mac
OS X, Linux, and FreeBSD) which collects and dissects packets from a network.

According to the Ettercap official web site:

“Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections,
content filtering on the fly and many other interesting tricks. It supports active and passive
dissection of many protocols (even ciphered ones) and includes many features for network and
host analysis.”
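
Active and passive fingerprinting share the final step described above: matching observed stack characteristics (initial TTL, Don't-Fragment bit, window size, TCP option order) against a signature table. The matcher below is an added example, not the paper's, nmap's or Ettercap's code; its signature table, packets and asset register are constructed, and the inventory check at the end shows the defender's use of passive fingerprinting, spotting hosts whose observed stack disagrees with the asset register.

```python
"""Passive TCP/IP stack fingerprinting: score a captured SYN's traits against a
signature table, then use the result to check an asset register.
Added example; the signatures, packets and register are all constructed."""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Initial TTLs commonly used by IP stacks. A packet arrives with
# TTL = initial - hops, so rounding up to the nearest candidate recovers
# the value the sender started with.
INITIAL_TTLS = (32, 64, 128, 255)


@dataclass(frozen=True)
class SynObservation:
    src: str                  # source address seen in the capture
    ttl: int                  # IP TTL on the wire
    df: bool                  # IP Don't-Fragment bit
    window: int               # TCP window advertised in the SYN
    options: Tuple[str, ...]  # TCP option kinds in the order they appear


@dataclass(frozen=True)
class Signature:
    label: str
    initial_ttl: int
    df: bool
    window: int
    options: Tuple[str, ...]


# Constructed signature table: the values only illustrate the matching logic
# and do not describe real operating systems. nmap's fingerprint file and
# p0f's database hold many such entries per OS family and version.
SIGNATURES: Sequence[Signature] = (
    Signature("stack-A (constructed)", 64, True, 5840,
              ("MSS", "SACK", "TS", "NOP", "WS")),
    Signature("stack-B (constructed)", 64, True, 65535,
              ("MSS", "NOP", "WS", "NOP", "NOP", "TS", "SACK", "EOL")),
    Signature("stack-C (constructed)", 128, True, 65535,
              ("MSS", "NOP", "WS", "NOP", "NOP", "SACK")),
    Signature("stack-D (constructed)", 255, False, 8192, ("MSS",)),
)


def infer_initial_ttl(observed_ttl: int) -> int:
    """Round the observed TTL up to the nearest common initial value."""
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    return INITIAL_TTLS[-1]


def score(obs: SynObservation, sig: Signature) -> int:
    """Weighted agreement between observation and signature (maximum 7).
    Option order is the most distinctive trait, then window size."""
    points = 0
    if infer_initial_ttl(obs.ttl) == sig.initial_ttl:
        points += 1
    if obs.df == sig.df:
        points += 1
    if obs.window == sig.window:
        points += 2
    if obs.options == sig.options:
        points += 3
    return points


def fingerprint(obs: SynObservation, threshold: int = 5) -> Tuple[str, int]:
    """Best-matching label and its score, or 'unknown' below the threshold."""
    best = max(SIGNATURES, key=lambda sig: score(obs, sig))
    best_score = score(obs, best)
    return (best.label if best_score >= threshold else "unknown", best_score)


def inventory_anomalies(observations: Sequence[SynObservation],
                        register: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Defender's use: compare each host's observed stack with the asset
    register and return (src, expected, observed) where they disagree, which
    may mean an unmanaged device, a stale record or a spoofed stack."""
    anomalies = []
    for obs in observations:
        observed, _ = fingerprint(obs)
        expected = register.get(obs.src)
        if expected is not None and observed != expected:
            anomalies.append((obs.src, expected, observed))
    return anomalies


# Constructed SYN observations; TTLs are already reduced by a few hops.
SAMPLE_SYNS = (
    SynObservation("10.0.0.5", 58, True, 5840, ("MSS", "SACK", "TS", "NOP", "WS")),
    SynObservation("10.0.0.7", 117, True, 65535,
                   ("MSS", "NOP", "WS", "NOP", "NOP", "SACK")),
    SynObservation("10.0.0.9", 250, False, 8192, ("MSS",)),
    SynObservation("10.0.0.11", 60, True, 1024, ("MSS", "NOP", "NOP", "TS")),
)

# Constructed asset register: what the defender believes each host runs.
SAMPLE_REGISTER = {
    "10.0.0.5": "stack-A (constructed)",
    "10.0.0.7": "stack-A (constructed)",
    "10.0.0.11": "stack-A (constructed)",
}
```

Running `inventory_anomalies(SAMPLE_SYNS, SAMPLE_REGISTER)` reports 10.0.0.7 (register says stack-A, capture matches stack-C) and 10.0.0.11 (no signature scores above the threshold).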


Avoiding Fingerprinting

“Every problem has a solution”: this saying is true in our context, OS fingerprinting.
There is always a risk of someone stealing your OS information, but at the same time there are
mechanisms for overcoming this problem. There are a number of ways to avoid OS
fingerprinting.

It is easy to avoid classical fingerprinting (daemon banner grabbing). Daemon banner
grabbing works through the welcome message that applications send when starting a
conversation. This problem can be solved by simply editing the welcome message. At the same
time, we can edit it in such a way that the attacker gets wrong information that
misleads him. Another technique is to provide the attacker with a long daemon
banner and in the meantime track him.

This problem can also be solved by use of a firewall. Many firewall products now provide this
functionality out of the box. Firewall software provides a language that allows responses to be
crafted to particular packets, thus actively spoofing the target OS.
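
Editing the welcome message, as suggested above against classical fingerprinting, only helps if the rewritten banner really drops every identifying token. The audit below is an added example (not from the paper): it takes the Exchange IMAP greeting shown earlier plus constructed SMTP and SSH banners, lists what each discloses, and confirms that a rewritten banner no longer leaks.

```python
"""Audit service greetings for the tokens classical fingerprinting feeds on
(version strings, product years, hostnames, OS or vendor names) and confirm
that a rewritten banner discloses none of them.
Added example; the non-IMAP banners and their hostnames are constructed."""
import re
from typing import Dict, List

# Dotted version strings such as 6.5.7226.0 or 9.1p1 (not years or port
# numbers). The lookarounds exclude letters, digits and dots, so a version
# glued to a product name with '_' or '-' is still found.
VERSION_RE = re.compile(
    r"(?<![A-Za-z0-9.])\d+(?:\.\d+){1,3}[a-z0-9]*(?![A-Za-z0-9.])", re.I)
# Four-digit product years, e.g. "Exchange Server 2003".
YEAR_RE = re.compile(r"(?<![\w.])(?:19|20)\d{2}(?![\w.])")
# Dotted names with at least three labels; purely numeric hits are dropped.
HOSTNAME_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+){2,}", re.I)
# Words that reveal the operating system or vendor family directly.
OS_HINTS = ("Microsoft", "Windows", "Linux", "Debian", "Ubuntu", "FreeBSD")

# Sample greetings. The IMAP one is the banner shown in the paper; the SMTP
# and SSH ones, and the rewritten IMAP greeting, are constructed.
SAMPLE_BANNERS = {
    "imap": "* OK Microsoft Exchange Server 2003 IMAP4rev1 server version "
            "6.5.7226.0 (postman.fhs-hagenberg.ac.at) ready.",
    "smtp": "220 mail.example.test ESMTP ExampleMTA 4.2.1 ready",
    "ssh": "SSH-2.0-ExampleSSH_9.1p1 Debian-example",
    "imap_rewritten": "* OK IMAP4rev1 server ready",
}


def assess_banner(banner: str) -> Dict[str, object]:
    """Extract every fingerprinting-relevant token from one greeting."""
    versions = VERSION_RE.findall(banner)
    years = YEAR_RE.findall(banner)
    hostnames = [h for h in HOSTNAME_RE.findall(banner)
                 if re.search(r"[a-z]", h, re.I)]
    os_hints = [w for w in OS_HINTS if re.search(rf"\b{w}\b", banner)]
    return {
        "versions": versions,
        "years": years,
        "hostnames": hostnames,
        "os_hints": os_hints,
        "leaks": bool(versions or years or hostnames or os_hints),
    }


def leaking_services(banners: Dict[str, str]) -> List[str]:
    """Names of the services whose greeting still discloses something."""
    return [name for name, banner in banners.items()
            if assess_banner(banner)["leaks"]]


if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        report = assess_banner(banner)
        status = "LEAKS" if report["leaks"] else "clean"
        print(f"{name:15s} {status}: versions={report['versions']} "
              f"years={report['years']} hostnames={report['hostnames']} "
              f"os_hints={report['os_hints']}")
```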

In the Sri Lankan context it is harder to do (active) OS fingerprinting, as most Sri Lankan
systems use NAT (Network Address Translation). Even though NAT is used to overcome the
shortage of IPv4 addresses, it can also be used as a security technique.
When we are using NAT, outsiders do not have direct access to our machines. In this scenario,
the host’s network is typically given a ‘private’ network designation (10.0.0.0 or 192.168.0.0).
An intelligent gateway accepts outgoing packets from hosts and does the address translation, which
assigns that packet a global IP and a new port. Upon return, the gateway transparently
reinstates the original address and forwards the packet to the original host. This effectively
makes all traffic to or from the network appear to be coming from one node, making
identification of hosts on the private network very difficult.

We always have to keep up to date with the technology: when there is an exploit for an OS, the
manufacturer tends to develop a patch to overcome it, so users need to install patches as soon as
possible.

Example from “Techniques in OS-Fingerprinting” published by Nostromo:

“IP Personality is a patch for Linux kernels of version 2.4, which modifies the characteristics of
network traffic. Things that can be influenced are the TCP Initial Sequence Number, the TCP
initial window size, the TCP options (their types, values and order in the packet), the IP ID
numbers and answers to some pathological TCP packets. After applying this patch iptables has
new targets that can be used in the mangle table.”


The future of OS Fingerprinting

A current focus of software development houses is computer security, with Microsoft
launching its “Trustworthy Computing Initiative” (according to the “Trustworthy Computing
Initiative” page on the Microsoft website) and many OS vendors initiating automated patch
download/update services. Examples include Microsoft’s Windows Automatic Update service
included in Windows 2000 and onwards, and the Red Hat Network service available via the
up2date utility in Red Hat Linux. These developments, coupled with the general improvement in
the world’s cyber laws and prosecution rates, are slowly ‘raising the bar’ on cyber attacks. In
this climate, general ‘script kiddy’ mass-scans may prove too dangerous or fruitless to pursue.
According to “An Overview of Remote Operating System Fingerprinting” from the SANS Institute
InfoSec Reading Room, “The attacks of the future may be well directed and customized
according to OS and services running on the target. This may be considered normal worm
activity in the future.”


Conclusion

OS fingerprinting is a fascinating subject that is of interest to the security community. There are
a lot of techniques for OS fingerprinting and, at the same time, a number of ways to
overcome or avoid it. Remote OS fingerprinting is a recent development on the
Internet and one to watch. The ability to remotely determine, with high accuracy, the operating
system of a remote host on the Internet is a powerful one. Even though it is limited to a certain
part of users due to the lack of global IP addresses, this will rise with the new IPv6 addresses. In
future, there will be extremely customized new attacks that will overcome all the barriers and
will be harder to avoid. The general trend towards increasing penalties for being caught as the
world’s cyber laws improve may also serve as a driver towards more refined attacks in the
future.

What we have to remember is that this is like a race: when hackers come up with a solution to
avoid OS fingerprinting, crackers come up with a counter-technique; hackers again develop a
counter-counter-technique that avoids the new technique discovered by crackers. This cycle
never ends. All we have to do is keep up with the most recent technology to deal with
this.


References

[1] Wikipedia, “TCP/IP stack fingerprinting”, http://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting/

[2] “Techniques in OS-Fingerprinting”, Nostromo, Hagenberg, September 2005

[3] Ettercap official web site, http://ettercap.sourceforge.net/

[4] Netmap official web site, http://www.netmap.com.au/

Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 

OS Fingerprinting

CS 3952 Technical Writing
Operating System Fingerprinting
White Paper

B.K.U.R. Nawaratne   090348E
W. P. R. M. Perera   090390A
Introduction to Cyber Security

We use computers for everything from space investigation to shopping and communicating with friends through email or chat programs. Although you may not consider your communications highly confidential, you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer.

Intruders may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems. Having control of your computer gives them the ability to hide their true identity as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if your computer is connected to the Internet only to play games or to send email to friends and family, it may be a target.

Operating System (OS) fingerprinting is one of the first steps an attacker takes before trying to compromise your computer: it is the process of learning what operating system is running on a target device, without logging in to it.

According to Wikipedia,

“TCP/IP stack fingerprinting (or OS fingerprinting) is the process in computing of determining the identity of a remote host’s operating system by analyzing packets from that host.”

Why OS Fingerprinting?

When an attacker is trying to break into a computer, the first step is to gather as much information about the target as possible. A key piece of information is the operating system the target is running. As long as this is unknown, the attacker is limited in the attacks, probes and exploits that can be tried, because most exploits are written for one operating system, and often for one version of it. Therefore the focus of initial information gathering is finding out the operating system. There are several approaches to finding out the operating system of an unknown host without having an account or any other way of logging in directly on that machine.
Some of the many OS fingerprinting techniques are:

1. Direct banner grabbing (classical fingerprinting)
2. Active IP packet fingerprinting
3. Passive IP packet fingerprinting
Classical Fingerprinting

Even without using any automated technique, hosts will often announce their OS, or a service from which the OS can be inferred, to anyone making a connection to them, through welcome banners or header information. For example, many mail, FTP and SSH daemons send a greeting line containing the product name and version as soon as a TCP connection is opened. The banner can be read with any raw TCP client; the telnet client is the traditional tool for this, used not for the Telnet protocol itself but simply to open a connection to an arbitrary port and print whatever the server sends.

Example from “Techniques in OS-Fingerprinting” by Nostromo, connecting from a UNIX-like host to port 143 (IMAP) with the telnet client:

root@nostromo# telnet mail.fh-hagenberg.at 143
Trying 193.170.124.96...
Connected to postman.fh-hagenberg.at.
Escape character is '^]'.
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7226.0 (postman.fhs-hagenberg.ac.at) ready.

A lot of information is revealed by the single line that the server returned: the product (Microsoft Exchange Server 2003), its exact build (6.5.7226.0) and an internal host name. Exchange 2003 runs only on Windows Server, so the operating system is known as well even though the banner never names it. Now it is up to the attacker to find an exploit for this specific version of Microsoft Exchange Server 2003. Note that a banner is only a claim made by the application: the administrator can edit it or remove it, so banner grabbing is the least reliable of the three techniques.

Active IP Packet Fingerprinting

Active operating system fingerprinting is the method of determining a targeted network node’s underlying operating system by probing the target with several packets and examining the responses. The traditional approach is to examine the TCP/IP stack behaviour (IP, TCP, UDP and ICMP protocols) of the target when probed with a mix of legitimate and unusual packets: the initial TTL, the TCP window size, the order of TCP options, IP ID generation and the way the stack answers packets with flag combinations the standards leave undefined all differ between implementations. This technique is automated by the “nmap” tool (nmap -O target), which compares the responses against its fingerprint database, nmap-os-db. According to “Techniques in OS-Fingerprinting” published by Nostromo:

“nmap begins its OS detection by sending an ICMP ping request to the target. Then it connects to port 80 (HTTP) to see if the target is responding and running at all. Then nmap does the actual portscan, searching for at least one open (an application listening and waiting for connections) and one closed (no application is listening on this specific port) port. To gain exact information about the underlying OS nmap sends several special crafted TCP packets and
records the replies. It then makes a lookup in the OS-detection fingerprint file and detects the Operating System which the target is running on.”

Active fingerprinting is accurate, but it is also noisy: the crafted probes are easily recognised by an intrusion detection system, and nmap itself warns that its result may be unreliable when it cannot find both an open and a closed port.

Passive IP Packet Fingerprinting

Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all it needs to do is capture packets the remote system sends anyway, for example the SYN packet of a connection it opens to a server you control. Based on those packets, you can determine the operating system of the remote host. Just like active fingerprinting, passive fingerprinting relies on the principle that every operating system’s IP stack has its own individual characteristics (initial TTL, window size, Don’t Fragment flag, TCP options and their order). By analysing sniffer traces and identifying these differences, you may be able to determine the operating system of the remote host. Passive fingerprinting sends nothing, so the target cannot detect it, but it sees fewer stack properties than active probing and is therefore less precise.

“Ettercap” is a package that is available for most common operating systems (Windows, Mac OS X, Linux and FreeBSD) which collects and dissects packets from a network; dedicated passive fingerprinters such as p0f work on the same principle. According to the Ettercap official web site:

“Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.”

Avoiding Fingerprinting

“Every problem has a solution”, and this saying holds for OS fingerprinting. There is always a risk of someone learning your OS, but there are also mechanisms for making that harder. There are a number of ways to avoid or hinder OS fingerprinting.

Classical fingerprinting (daemon banner grabbing) is easy to avoid. Banner grabbing relies on the welcome message that applications send when starting a conversation. The problem can be solved simply by editing the welcome message so that it no longer names the product and version; most daemons have a configuration option for this. The message can even be edited so that the attacker gets wrong information that misleads him, for example a banner imitating a different operating system.
Another technique is to give the attacker a deliberately long (or slow) daemon banner and, in the meantime, log and trace the connection: the attacker is kept busy while the defender records the source address and the probes.
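The banner-grabbing step described under Classical Fingerprinting above, and the banner-editing defence just discussed, as an added example that is not part of the original paper. The rule table, the `grab_banner` helper and the sample banners other than the Exchange greeting quoted above are constructed for illustration; only the standard library is used.

```python
import re
import socket

# Added example: map a service banner to the product it names and the OS family
# it implies. The rules are an illustrative, constructed list, not a full database.
# Each entry: (pattern, product template, OS template); templates use regex groups.
BANNER_RULES = [
    (re.compile(r"Microsoft Exchange Server (\d{4})"), "Microsoft Exchange Server {0}", "Windows"),
    (re.compile(r"Server: Microsoft-IIS/([\d.]+)"), "IIS {0}", "Windows"),
    (re.compile(r"^SSH-2\.0-OpenSSH_([\w.]+) (Ubuntu|Debian|FreeBSD)", re.M), "OpenSSH {0}", "{1}"),
    (re.compile(r"Server: Apache/([\d.]+) \((Ubuntu|Debian|CentOS|Win32|FreeBSD)\)"), "Apache {0}", "{1}"),
]


def classify_banner(banner: str) -> dict:
    """Return the product and OS inferred from a banner, plus the text that justified it."""
    for pattern, product_tpl, os_tpl in BANNER_RULES:
        m = pattern.search(banner)
        if m:
            return {"product": product_tpl.format(*m.groups()),
                    "os": os_tpl.format(*m.groups()),
                    "evidence": m.group(0)}
    return {"product": None, "os": None, "evidence": None}


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 3.0) -> str:
    """Open a TCP connection (what the telnet client does), optionally send a probe,
    and return whatever the server says first. IMAP, SMTP, FTP and SSH talk first;
    HTTP needs a probe such as b"HEAD / HTTP/1.0\\r\\n\\r\\n" before it answers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            return s.recv(1024).decode("latin-1", "replace")
        except socket.timeout:
            return ""


# Constructed sample banners (the first is the Exchange greeting quoted in the paper).
SAMPLE_BANNERS = {
    "exchange": "* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7226.0 (postman.fhs-hagenberg.ac.at) ready.",
    "ssh_ubuntu": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "http_iis": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\nContent-Length: 0\r\n\r\n",
    "sanitised": "* OK IMAP4rev1 server ready.",            # product and version removed by the admin
    "misleading": "SSH-2.0-OpenSSH_9.3 FreeBSD-20230719",    # a Linux host imitating FreeBSD
}


def classify_all(banners: dict = SAMPLE_BANNERS) -> dict:
    """Classify every sample; the sanitised banner yields nothing, the misleading one lies."""
    return {name: classify_banner(text) for name, text in banners.items()}


if __name__ == "__main__":
    for name, result in classify_all().items():
        print(f"{name:11s} -> product={result['product']!r} os={result['os']!r}")
```

The sanitised banner gives the classifier nothing to work with and the misleading one names an OS the host does not run, which is exactly what the banner-editing defence aims for. The attacker's counter is to cross-check the banner against the TCP/IP stack fingerprint, which the application cannot influence.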
The problem can also be addressed with a firewall. Many firewall products now provide this functionality out of the box: the firewall software offers a rule language that allows responses to particular packets to be crafted or normalised, thus actively spoofing the target OS towards the outside.

In the Sri Lankan context active OS fingerprinting is harder, as most Sri Lankan systems sit behind NAT (Network Address Translation). Although NAT is used mainly to overcome the shortage of IPv4 addresses, it can also serve as a security technique, because with NAT an outsider has no direct access to our machine. In this scenario the host’s network is given a ‘private’ address range (10.0.0.0/8 or 192.168.0.0/16). An intelligent gateway accepts outgoing packets from the hosts and does the address translation, assigning each packet a global IP address and a new source port. On return, the gateway transparently restores the original address and forwards the packet to the original host. This effectively makes all traffic to or from the network appear to come from one node, making identification of the hosts on the private network very difficult. Two caveats apply: the gateway itself still has a fingerprintable stack, and an ordinary NAT rewrites only addresses and ports, not the TTL, window size or TCP options, so passive fingerprinting of outbound traffic can still distinguish the different stacks behind the shared address (and, from the mix of signatures, reveal that NAT is in use).

We always have to keep up with technology: when an exploit for an OS appears, the vendor tends to release a patch to fix it, so users need to install patches as soon as possible. Patching does not hide the OS, but it removes most of what the attacker gains from knowing it.

Example from “Techniques in OS-Fingerprinting” published by Nostromo:

“IP Personality is a patch for Linux kernels of version 2.4, which modifies the characteristics of network traffic. Things that can be influenced are the TCP Initial Sequence Number, the TCP initial window size, the TCP options (their types, values and order in the packet), the IP ID numbers and answers to some pathological TCP packets. After applying this patch iptables has new targets that can be used in the mangle table.”
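The stack-level signature that both active and passive fingerprinting (above) match on, together with the NAT and IP Personality points just made, as an added example that is not part of the original paper nor of nmap, Ettercap or IP Personality: a parser for raw IPv4/TCP SYN packets, a constructed signature table (typical SYN defaults of a few stacks, simplified; not the nmap-os-db or p0f database), and a constructed capture of three SYNs arriving from one NAT address. `guess_initial_ttl`, `SIGNATURES`, `build_syn` and the addresses used are assumptions made for this example.

```python
import struct
import ipaddress

# Added example. The table is constructed and simplified: representative SYN
# defaults of a few stacks, not the nmap-os-db or p0f signature database.
SIGNATURES = [
    {"os": "Linux 3.x (old default window)", "ttl": 64,  "win": 29200, "df": True,
     "opts": ["MSS", "SACK", "TS", "NOP", "WS"]},
    {"os": "Linux 4.x/5.x",                  "ttl": 64,  "win": 64240, "df": True,
     "opts": ["MSS", "SACK", "TS", "NOP", "WS"]},
    {"os": "Windows 7/8",                     "ttl": 128, "win": 8192,  "df": True,
     "opts": ["MSS", "NOP", "WS", "NOP", "NOP", "SACK"]},
    {"os": "Windows 10/11",                   "ttl": 128, "win": 64240, "df": True,
     "opts": ["MSS", "NOP", "WS", "NOP", "NOP", "SACK"]},
]
OPTION_NAMES = {2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}


def guess_initial_ttl(ttl: int) -> int:
    """Stacks start at 32, 64, 128 or 255; the observed TTL is that minus the hop count."""
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial
    return 255


def parse_tcp_options(raw: bytes) -> list:
    """Option kinds in wire order; the order itself is part of the fingerprint."""
    kinds, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # EOL ends the option list
            kinds.append("EOL")
            break
        if kind == 1:                      # NOP has no length byte
            kinds.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        kinds.append(OPTION_NAMES.get(kind, f"OPT{kind}"))
        i += raw[i + 1]
    return kinds


def parse_syn(pkt: bytes) -> dict:
    """Extract the stack-dependent fields from a raw IPv4 + TCP SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    if pkt[9] != 6:
        raise ValueError("not TCP")
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off = (tcp[12] >> 4) * 4
    if (tcp[13] & 0x12) != 0x02:           # SYN set, ACK clear
        raise ValueError("not a SYN")
    return {
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "ttl": pkt[8],
        "initial_ttl": guess_initial_ttl(pkt[8]),
        "df": bool(flags_frag & 0x4000),   # Don't Fragment bit
        "window": struct.unpack("!H", tcp[14:16])[0],
        "options": parse_tcp_options(tcp[20:data_off]),
    }


def match_os(sig: dict) -> list:
    """Every table entry consistent with the observed fields (empty = unknown or mangled stack)."""
    return [s["os"] for s in SIGNATURES
            if (s["ttl"], s["win"], s["df"], s["opts"]) ==
               (sig["initial_ttl"], sig["window"], sig["df"], sig["options"])]


def stacks_behind(capture: list) -> dict:
    """Distinct stack signatures per source address. More than one means several
    hosts share the address (NAT rewrites addresses and ports, not TTL/window/options)."""
    seen = {}
    for pkt in capture:
        sig = parse_syn(pkt)
        key = (sig["initial_ttl"], sig["window"], sig["df"], tuple(sig["options"]))
        seen.setdefault(sig["src"], set()).add(key)
    return {src: len(keys) for src, keys in seen.items()}


# --- constructed sample capture -------------------------------------------------
def build_syn(src: str, ttl: int, window: int, df: bool, options: bytes) -> bytes:
    """Minimal IPv4+TCP SYN for the examples (checksums left zero; options 4-byte aligned)."""
    assert len(options) % 4 == 0
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, ((20 + len(options)) // 4) << 4,
                      0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000 if df else 0,
                     ttl, 6, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address("203.0.113.10").packed)
    return ip + tcp


LINUX_OPTS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8
              + b"\x01" + b"\x03\x03\x07")                                      # MSS, SACK, TS, NOP, WS
WINDOWS_OPTS = (b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x08"
                + b"\x01\x01" + b"\x04\x02")                                    # MSS, NOP, WS, NOP, NOP, SACK

# Three SYNs all seen from the same NAT gateway address, three hops away.
CAPTURE = [
    build_syn("198.51.100.7", 61,  29200, True, LINUX_OPTS),    # a Linux host
    build_syn("198.51.100.7", 125, 8192,  True, WINDOWS_OPTS),  # a Windows host
    build_syn("198.51.100.7", 125, 8192,  True, LINUX_OPTS),    # Linux with TTL and window mangled to look like Windows
]

if __name__ == "__main__":
    for pkt in CAPTURE:
        sig = parse_syn(pkt)
        print(sig["src"], sig["initial_ttl"], sig["window"], sig["options"], "->", match_os(sig) or "no match")
    print("stacks behind each address:", stacks_behind(CAPTURE))
```

The third packet shows the limit of an IP Personality-style change done halfway: TTL and window now say Windows but the option order still says Linux, so it matches nothing, and an unmatched combination is itself a tell. Running something like `stacks_behind` over a real capture is how passive tools notice NAT: three different signatures from one address cannot be one host.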
On current Linux kernels part of the same effect is available without a patch, for example by changing the outgoing TTL with the sysctl net.ipv4.ip_default_ttl; but every such change turns one well-known value into another, and an inconsistent combination of TTL, window size and TCP options is itself a signature that a careful analyst will notice.

The Future of OS Fingerprinting

A current focus of software development houses is computer security, with Microsoft launching its “Trustworthy Computing Initiative” (according to the Microsoft web site) and many OS vendors initiating an automated patch download/update service. Examples include Microsoft’s Windows Automatic Update service included in Windows 2000 and onwards, and the Red Hat Network service available via the up2date utility in Red Hat Linux. These developments, coupled with the general improvement in the world’s cyber laws and prosecution rates, are slowly ‘raising the bar’ on cyber attacks. In this climate, general ‘script kiddy’ mass scans may prove too dangerous or fruitless to pursue.
According to “An Overview of Remote Operating System Fingerprinting” from the SANS Institute InfoSec Reading Room,

“The attacks of the future may be well directed and customized according to OS and services running on the target. This may be considered normal worm activity in the future.”

Conclusion

OS fingerprinting is a fascinating subject that is of great interest to the security community. There are many techniques for OS fingerprinting, and at the same time there are a number of ways to overcome or avoid it. Remote OS fingerprinting is a comparatively recent development on the Internet and one to watch. The ability to remotely determine, with high accuracy, the operating system of a remote host on the Internet is a powerful one. Even though it currently reaches only the hosts that have a global IP address, because of the shortage of IPv4 addresses, the number of directly reachable hosts will rise with IPv6. In future there will be highly customised attacks that overcome these barriers and are harder to avoid. The general trend towards increasing penalties for being caught, as the world’s cyber laws improve, may also drive attackers towards more refined attacks. What we have to remember is that this is a race: when defenders come up with a way to avoid OS fingerprinting, attackers come up with a counter-technique; defenders then develop a counter to that, and the cycle never ends. All we can do is keep up to date with the most recent technology to deal with it.

References

[1] Wikipedia, “TCP/IP stack fingerprinting”, http://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting
[2] Nostromo, “Techniques in OS-Fingerprinting”, Hagenberg, September 2005
[3] Ettercap official web site, http://ettercap.sourceforge.net/
[4] Netmap official web site, http://www.netmap.com.au/