To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

TCP/IP stack fingerprinting

From Wikipedia, the free encyclopedia

Passive OS Fingerprinting method and diagram.

TCP/IP stack fingerprinting is the remote detection of the characteristics of a TCP/IP stack implementation. The combination of parameters may then be used to infer the remote machine's operating system (aka, OS fingerprinting), or incorporated into a device fingerprint.

YouTube Encyclopedic

  • 1/3
    Views:
    803
    863
    8 703
  • 02 OS Fingerprinting
  • Target Operating System Fingerprinting with Nmap and p0f
  • Hacking - Target Operating System Fingerprinting using p0f Tool

Transcription

TCP/IP Fingerprint Specifics

Certain parameters within the TCP protocol definition are left up to the implementation. Different operating systems, and different versions of the same operating system, set different defaults for these values. By collecting and examining these values, one may differentiate among various operating systems and implementations of TCP/IP. The TCP/IP fields that may vary include the following:

  • Initial packet size (16 bits)
  • Initial TTL (8 bits)
  • Window size (16 bits)
  • Max segment size (16 bits)
  • Window scaling value (8 bits)
  • "don't fragment" flag (1 bit)
  • "sackOK" flag (1 bit)
  • "nop" flag (1 bit)

These values may be combined to form a 67-bit signature, or fingerprint, for the target machine.[1] Just inspecting the Initial TTL and window size fields is often enough to successfully identify an operating system, which eases the task of performing manual OS fingerprinting.[2]

Protection against and detecting fingerprinting

Protection against the fingerprint doorway to attack is achieved by limiting the type and amount of traffic a defensive system responds to. Examples include blocking address masks and timestamps from outgoing ICMP control-message traffic, and blocking ICMP echo replies. A security tool can alert to potential fingerprinting: it can match another machine as having a fingerprinter configuration by detecting its fingerprint.[3]

Disallowing TCP/IP fingerprinting provides protection from vulnerability scanners looking to target machines running a certain operating system. Fingerprinting facilitates attacks. Blocking those ICMP messages is only one of an array of defenses required for full protection against attacks.[4]

Targeting the ICMP datagram, an obfuscator running on top of IP in the internet layer acts as a "scrubbing tool" to confuse the TCP/IP fingerprinting data. These exist for Microsoft Windows,[5] Linux[6] and FreeBSD.[7]

Fingerprinting tools

A list of TCP/OS Fingerprinting Tools

  • Zardaxt.py[8] – Passive open-source TCP/IP Fingerprinting Tool.
  • Ettercap – passive TCP/IP stack fingerprinting.
  • Nmap – comprehensive active stack fingerprinting.
  • p0f – comprehensive passive TCP/IP stack fingerprinting.
  • NetSleuth – free passive fingerprinting and analysis tool
  • PacketFence[9] – open source NAC with passive DHCP fingerprinting.
  • Satori – passive CDP, DHCP, ICMP, HPSP, HTTP, TCP/IP and other stack fingerprinting.
  • SinFP – single-port active/passive fingerprinting.
  • XProbe2 – active TCP/IP stack fingerprinting.
  • queso - well-known tool from the late 1990s which is no longer being updated for modern operating systems

References

  1. ^ Chuvakin A. and Peikari, C: "Security Warrior.", page 229. O'Reilly Media Inc., 2004.
  2. ^ "Passive OS Fingerprinting, NETRESEC Network Security Blog". Netresec.com. 2011-11-05. Retrieved 2011-11-25.
  3. ^ "iplog". Retrieved 2011-11-25.
  4. ^ "OS detection not key to penetration". Seclists.org. Retrieved 2011-11-25.
  5. ^ "OSfuscate". Irongeek.com. 2008-09-30. Retrieved 2011-11-25.
  6. ^ Carl-Daniel Hailfinger, carldani@4100XCDT. "IPPersonality". Ippersonality.sourceforge.net. Retrieved 2011-11-25.{{cite web}}: CS1 maint: numeric names: authors list (link)
  7. ^ "Defeating TCP/IP stack fingerprinting". Usenix.org. 2002-01-29. Retrieved 2011-11-25.
  8. ^ "Zardaxt.py". Github. 2021-11-25. Retrieved 2021-11-25.
  9. ^ "PacketFence". PacketFence. 2011-11-21. Retrieved 2011-11-25.

External links

This page was last edited on 16 July 2023, at 22:18
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy