
A Qualitative Survey of Active TCP/IP Fingerprinting Tools and Techniques for Operating Systems Identification

  • Conference paper
Computational Intelligence in Security for Information Systems

Abstract

TCP/IP fingerprinting is the process of identifying the Operating System (OS) of a remote machine through a TCP/IP based computer network. This process has applications closely related to network security, and both intrusion and defense procedures may use it to achieve their objectives. There is a large set of methods that perform this process in favorable scenarios. Nowadays, however, there are many adversities that reduce identification performance. This work compares the characteristics of four active fingerprinting tools (Nmap, Xprobe2, SinFP and Zion) and how they deal with test environments under adverse conditions. The results show that Zion outperforms the other tools in all test environments and is suitable even for use on sensitive systems.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Medeiros, J.P.S., de Medeiros Brito Júnior, A., Motta Pires, P.S. (2011). A Qualitative Survey of Active TCP/IP Fingerprinting Tools and Techniques for Operating Systems Identification. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_9


  • DOI: https://doi.org/10.1007/978-3-642-21323-6_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21322-9

  • Online ISBN: 978-3-642-21323-6

  • eBook Packages: Computer Science (R0)
