Information Technology Reference
In-Depth Information
A Qualitative Survey of Active TCP/IP
Fingerprinting Tools and Techniques for
Operating Systems Identification
Joao Paulo S. Medeiros
1
, Agostinho de Medeiros Brito Junior
2
,
and Paulo S. Motta Pires
2
LabSIN - Security Information Laboratory
LabEPI - Elements of Information Processing Laboratory
1
Department of Exact and Applied Sciences - DCEA
2
Department of Computer Engineering and Automation - DCA
Federal University of Rio Grande do Norte - UFRN
Natal, 59.078-970, RN, Brazil
{
joaomedeiros,ambj,pmotta
}
@dca.ufrn.br
Abstract.
TCP/IP fingerprinting is the process of identifying the
Operating System (OS) of a remote machine through a TCP/IP based
computer network. This process has applications close related to net-
work security and both intrusion and defense procedures may use this
process to achieve their objectives. There are a large set of methods that
performs this process in favorable scenarios. Nowadays there are many
adversities that reduce the identification performance. This work com-
pares the characteristics of four active fingerprint tools (Nmap, Xprobe2,
SinFP and Zion) and how they deal with test environments under adverse
conditions. The results show that Zion outperforms the other tools for
all test environments and it is suitable even for use in sensible systems.
1
Introduction
The remote identification of operating systems, also known as OS fingerprinting
(Operating System fingerprinting), is a process that aims at the discovery of the
operating system of a remote machine. We consider remote a machine that is
accessible through a computer network. This identification is accomplished by
the use of data from the remote machine. More specifically, the process of OS
fingerprinting is illustrated in Fig. 1.
Fig. 1.
Representation of the OS fingerprinting process [11]
Search WWH ::
Custom Search