Abstract
TCP/IP fingerprinting is the process of identifying the Operating System (OS) of a remote machine across a TCP/IP-based computer network. The process has applications closely related to network security, and both intrusion and defense procedures may use it to achieve their objectives. There is a large set of methods that perform this identification well under favorable conditions, but in practice many adversities reduce identification performance. This work compares the characteristics of four active fingerprinting tools (Nmap, Xprobe2, SinFP and Zion) and how they cope with test environments under adverse conditions. The results show that Zion outperforms the other tools in all test environments and is suitable even for use on sensitive systems.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Medeiros, J.P.S., de Medeiros Brito Júnior, A., Motta Pires, P.S. (2011). A Qualitative Survey of Active TCP/IP Fingerprinting Tools and Techniques for Operating Systems Identification. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_9
DOI: https://doi.org/10.1007/978-3-642-21323-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21322-9
Online ISBN: 978-3-642-21323-6